PublicDateAtUSN: 2009-02-04
Candidate: CVE-2009-0357

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0357
https://usn.ubuntu.com/usn/usn-717-1
https://usn.ubuntu.com/usn/usn-717-3
https://usn.ubuntu.com/usn/usn-717-2

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly
restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2
HTTP response headers, which allows remote attackers to obtain sensitive
information from cookies via XMLHttpRequest calls, related to the HTTPOnly

jdstrand> CVEs in Firefox are tracked in the xulrunner source packages. The
mapping of xulrunner sources to firefox is:
xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS
xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS
xulrunner-1.9: firefox-3.0
xulrunner-1.9.1: firefox-3.5
jdstrand: Ubuntu 6.06 LTS and 10.04 LTS use the embedded xulrunner and not
the system xulrunner-1.9.2, so it is tracked in the firefox source package.

Discovered-by: Wladimir Palant

upstream_firefox: needs-triage
dapper_firefox: released (1.5.dfsg+1.5.0.15~prepatch080614j-0ubuntu1)
gutsy_firefox: released (2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1)
hardy_firefox: ignored (uses system xulrunner)
lucid_firefox: not-affected
maverick_firefox: not-affected
natty_firefox: not-affected
devel_firefox: not-affected

upstream_xulrunner: needs-triage
gutsy_xulrunner: released (1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1)
hardy_xulrunner: released (1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1)
intrepid_xulrunner: released (1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.10.1)
jaunty_xulrunner: ignored (reached end-of-life)
karmic_xulrunner: ignored (reached end-of-life)
maverick_xulrunner: DNE

Patches_xulrunner-1.9:
upstream_xulrunner-1.9: needs-triage
dapper_xulrunner-1.9: DNE
gutsy_xulrunner-1.9: needed (reached end-of-life)
hardy_xulrunner-1.9: released (1.9.0.6+nobinonly-0ubuntu0.8.04.1)
intrepid_xulrunner-1.9: released (1.9.0.6+nobinonly-0ubuntu0.8.10.1)
jaunty_xulrunner-1.9: released (1.9.0.6+nobinonly-0ubuntu1)
karmic_xulrunner-1.9: DNE
lucid_xulrunner-1.9: DNE
maverick_xulrunner-1.9: DNE
natty_xulrunner-1.9: DNE
devel_xulrunner-1.9: DNE

upstream_seamonkey: released (1.1.15)
hardy_seamonkey: released (1.1.15+nobinonly-0ubuntu0.8.04.2)
intrepid_seamonkey: released (1.1.15+nobinonly-0ubuntu0.8.10.2)
jaunty_seamonkey: released (1.1.15+nobinonly-0ubuntu2)
karmic_seamonkey: released (1.1.15+nobinonly-0ubuntu2)
lucid_seamonkey: released (1.1.15+nobinonly-0ubuntu2)
maverick_seamonkey: released (1.1.15+nobinonly-0ubuntu2)
natty_seamonkey: released (1.1.15+nobinonly-0ubuntu2)
devel_seamonkey: released (1.1.15+nobinonly-0ubuntu2)

upstream_iceape: needs-triage
gutsy_iceape: needed (reached end-of-life)