Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2009-0357

Опубликовано: 04 фев. 2009
Источник: debian
EPSS Низкий

Описание

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
iceweaselfixed3.0package
iceweaselend-of-lifeetchpackage
xulrunnerfixed1.9.0.5-1package
xulrunnerend-of-lifeetchpackage
iceapefixed1.1.14-1.1package
iceapeend-of-lifeetchpackage
kompozerfixed1:0.8~alpha2+dfsg+svn129-1package

Примечания

  • Iceweasel in Lenny links against Xulrunner

  • Iceape in Lenny only provides XPCOM libs

EPSS

Процентиль: 73%
0.00798
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2009-0357

ubuntu
больше 16 лет назад

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.

redhat логотип

CVE-2009-0357

redhat
больше 16 лет назад

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.

nvd логотип

CVE-2009-0357

nvd
больше 16 лет назад

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.

github логотип

GHSA-xprr-83m2-vv8v

github
больше 3 лет назад

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.

oracle-oval логотип

ELSA-2009-0256

oracle-oval
больше 16 лет назад

ELSA-2009-0256: firefox security update (CRITICAL)

EPSS

Процентиль: 73%
0.00798
Низкий