CVE-2009-0355

CVE Details

Release Date:2009-02-04

Description


components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type=file during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.

See more information about CVE-2009-0355 from MITRE CVE dictionary and NIST NVD


CVSS v2.0 metrics


NOTE: The following CVSS v2.0 metrics and score provided are preliminary and subject to review.

Base Score: 5.4 Base Metrics: AV:N/AC:H/Au:N/C:C/I:N/A:N
Access Vector: Network Attack Complexity: High
Authentication: None required Confidentiality Impact: Complete
Integrity Impact: None Availability Impact: None

Errata information


PlatformErrataRelease Date
Oracle Enterprise Linux version 3 (seamonkey)ELSA-2009-02572009-02-04
Oracle Enterprise Linux version 4 (firefox)ELSA-2009-02562009-02-04
Oracle Enterprise Linux version 4 (nss)ELSA-2009-02562009-02-04
Oracle Enterprise Linux version 4 (seamonkey)ELSA-2009-02572009-02-04
Oracle Enterprise Linux version 4 (thunderbird)ELSA-2009-02582009-03-24
Oracle Linux version 5 (firefox)ELSA-2009-02562009-02-04
Oracle Linux version 5 (nss)ELSA-2009-02562009-02-04
Oracle Linux version 5 (xulrunner)ELSA-2009-02562009-02-04



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete