CVE 2009-0357
Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.
Related bugs and status
CVE-2009-0357 (Candidate) is related to these bugs:
Bug #152516: kompozer tip dialog does not close, if main dialog is destroyed
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 152516 | kompozer tip dialog does not close, if main dialog is destroyed | kompozer (Ubuntu) | Undecided | Fix Released | ||
| 152516 | kompozer tip dialog does not close, if main dialog is destroyed | KompoZer | Unknown | Unknown | ||
Bug #244227: KompoZer cannot display the right Chinese fonts
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 244227 | KompoZer cannot display the right Chinese fonts | kompozer (Ubuntu) | Undecided | Fix Released | ||
Bug #260021: kompozer-bin crashed with SIGSEGV in nsTimerImpl::Fire()
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 260021 | kompozer-bin crashed with SIGSEGV in nsTimerImpl::Fire() | kompozer (Ubuntu) | Medium | Fix Released | ||
Bug #263441: kompozer crashes in intrepid when opening the recent files menu
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 263441 | kompozer crashes in intrepid when opening the recent files menu | kompozer (Ubuntu) | Undecided | Fix Released | ||
| 263441 | kompozer crashes in intrepid when opening the recent files menu | Baltix | Undecided | New | ||
Bug #276290: kompozer-bin crashed with SIGSEGV in g_closure_invoke()
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 276290 | kompozer-bin crashed with SIGSEGV in g_closure_invoke() | kompozer (Ubuntu) | Medium | Fix Released | ||
Bug #309655: Seamonkey 1.1.14 security upgrade
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 309655 | Seamonkey 1.1.14 security upgrade | seamonkey (Ubuntu) | Critical | Fix Released | ||
| 309655 | Seamonkey 1.1.14 security upgrade | seamonkey (Ubuntu Hardy) | Critical | Fix Released | ||
| 309655 | Seamonkey 1.1.14 security upgrade | seamonkey (Ubuntu Intrepid) | Critical | Fix Released | ||
Bug #365163: kompozer keeps crashing
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 365163 | kompozer keeps crashing | kompozer (Ubuntu) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
