CVE-2009-0776

nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.

🔗 References (76)

• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html
• secalert@redhathttp://secunia.com/advisories/34137
• secalert@redhathttp://secunia.com/advisories/34140
• secalert@redhathttp://secunia.com/advisories/34145
• secalert@redhathttp://secunia.com/advisories/34272
• secalert@redhathttp://secunia.com/advisories/34324
• secalert@redhathttp://secunia.com/advisories/34383
• secalert@redhathttp://secunia.com/advisories/34387
• secalert@redhathttp://secunia.com/advisories/34417
• secalert@redhathttp://secunia.com/advisories/34462
• secalert@redhathttp://secunia.com/advisories/34464
• secalert@redhathttp://secunia.com/advisories/34527
• secalert@redhathttp://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420
• secalert@redhathttp://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952