CVE-2009-0776

Name	CVE-2009-0776
Description	nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1751-1, DSA-1830-1
Debian Bugs	535124

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
icedove (PTS)	jessie	1:52.3.0-4~deb8u2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
icedove	source	lenny	2.0.0.22-0lenny1		DSA-1830-1
icedove	source	squeeze	2.0.0.22-0lenny1
icedove	source	(unstable)	2.0.0.22-1			535124
iceweasel	source	etch	(unfixed)	end-of-life
iceweasel	source	(unstable)	3.0
kompozer	source	(unstable)	1:0.8~alpha2+dfsg+svn129-3
xulrunner	source	etch	(unfixed)	end-of-life
xulrunner	source	lenny	1.9.0.7-0lenny1		DSA-1751-1
xulrunner	source	(unstable)	1.9.0.7-1

Notes

[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
Iceweasel in Lenny links against Xulrunner
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)