Your submission was sent successfully! Close

CVE-2009-1835

Published: 12 June 2009

Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning.

Priority

Medium

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
hardy Ignored
(uses system xulrunner)
intrepid Does not exist

jaunty Does not exist

karmic Does not exist

upstream Needs triage

seamonkey
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (1.1.17+nobinonly-0ubuntu0.8.04.1)
intrepid
Released (1.1.17+nobinonly-0ubuntu0.8.10.1)
jaunty
Released (1.1.17+nobinonly-0ubuntu0.9.04.1)
karmic
Released (1.1.17+nobinonly-0ubuntu1)
upstream Needs triage

xulrunner-1.9
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (1.9.0.11+build2+nobinonly-0ubuntu0.8.04.1)
intrepid
Released (1.9.0.11+build2+nobinonly-0ubuntu0.8.10.2)
jaunty
Released (1.9.0.11+build2+nobinonly-0ubuntu0.9.04.1)
karmic Does not exist

upstream Needs triage

xulrunner-1.9.1
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

intrepid Does not exist

jaunty
Released (1.9.1+nobinonly-0ubuntu0.9.04.1)
karmic
Released (1.9.1~rc2+nobinonly-0ubuntu1)
upstream Needs triage