CVE-2009-0776

Publication date 4 March 2009

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.

Read the notes from the security team

Status

Package Ubuntu Release Status

Notes

jdstrand

CVEs in Firefox are tracked in the xulrunner source packages. The mapping of xulrunner sources to firefox is: xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS xulrunner-1.9: firefox-3.0 xulrunner-1.9.1: firefox-3.5 Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not the system xulrunner-1.9.2, so it is tracked in the firefox source package.

References

Related Ubuntu Security Notices (USN)

    • USN-741-1
    • Thunderbird vulnerabilities
    • 19 March 2009
    • USN-728-2
    • Firefox vulnerabilities
    • 6 March 2009
    • USN-728-1
    • Firefox and Xulrunner vulnerabilities
    • 5 March 2009
    • USN-728-3
    • Firefox vulnerabilities
    • 6 March 2009

Other references