CVE-2009-0652

MEDIUM

Description

The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.

ID	Name	Product	Family	Severity
67848	Oracle Linux 3 / 4 : seamonkey (ELSA-2009-0437)	Nessus	Oracle Linux Local Security Checks	medium
67847	Oracle Linux 4 / 5 : firefox (ELSA-2009-0436)	Nessus	Oracle Linux Local Security Checks	medium
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
60573	Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
60572	Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
44695	Debian DSA-1830-1 : icedove - several vulnerabilities	Nessus	Debian Local Security Checks	critical
43743	CentOS 4 / 5 : firefox (CESA-2009:0436)	Nessus	CentOS Local Security Checks	medium
41437	SuSE 11 Security Update : Mozilla (SAT Patch Number 834)	Nessus	SuSE Local Security Checks	medium
41354	SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 835)	Nessus	SuSE Local Security Checks	medium
40309	openSUSE Security Update : seamonkey (seamonkey-1014)	Nessus	SuSE Local Security Checks	critical
40280	openSUSE Security Update : mozilla-xulrunner190 (mozilla-xulrunner190-832)	Nessus	SuSE Local Security Checks	medium
40172	openSUSE Security Update : MozillaFirefox (MozillaFirefox-833)	Nessus	SuSE Local Security Checks	medium
40133	openSUSE Security Update : seamonkey (seamonkey-1014)	Nessus	SuSE Local Security Checks	critical
40076	openSUSE Security Update : mozilla-xulrunner190 (mozilla-xulrunner190-832)	Nessus	SuSE Local Security Checks	medium
39889	openSUSE Security Update : MozillaFirefox (MozillaFirefox-833)	Nessus	SuSE Local Security Checks	medium
39462	openSUSE 10 Security Update : seamonkey (seamonkey-6310)	Nessus	SuSE Local Security Checks	critical
38899	CentOS 3 / 4 : seamonkey (CESA-2009:0437)	Nessus	CentOS Local Security Checks	medium
38853	Mandriva Linux Security Advisory : firefox (MDVSA-2009:111-1)	Nessus	Mandriva Local Security Checks	high
38724	Debian DSA-1797-1 : xulrunner - several vulnerabilities	Nessus	Debian Local Security Checks	medium
38160	Fedora 10 : Miro-2.0.3-3.fc10 / blam-1.8.5-9.fc10 / devhelp-0.22-7.fc10 / epiphany-2.24.3-5.fc10 / etc (2009-3893)	Nessus	Fedora Local Security Checks	medium
37309	Fedora 9 : Miro-2.0.3-3.fc9 / blam-1.8.5-8.fc9.1 / chmsee-1.0.1-11.fc9 / devhelp-0.19.1-11.fc9 / etc (2009-3875)	Nessus	Fedora Local Security Checks	medium
36228	Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-764-1)	Nessus	Ubuntu Local Security Checks	medium
36215	Firefox < 3.0.9 Multiple Vulnerabilities	Nessus	Windows	high
36214	RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2009:0437)	Nessus	Red Hat Local Security Checks	medium
36213	RHEL 4 / 5 : firefox (RHSA-2009:0436)	Nessus	Red Hat Local Security Checks	medium
4998	Mozilla Firefox < 3.0.9 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
35978	SeaMonkey < 1.1.15 Multiple Vulnerabilities	Nessus	Windows	high
35977	Mozilla Thunderbird < 2.0.0.21 Multiple Vulnerabilities	Nessus	Windows	high
5084	SeaMonkey < 1.1.17 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
5001	Mozilla Thunderbird < 2.0.0.22 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	medium
801255	Mozilla SeaMonkey < 1.1.17 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801249	Mozilla Thunderbird < 2.0.0.21 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
800746	Firefox < 3.0.9 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high

CVE-2009-0652

Description

References

Details

Risk Information

CVSS v2.0