CVE-2009-0777

MEDIUM

Description

Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.

References

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html

http://secunia.com/advisories/34140

http://secunia.com/advisories/34145

http://secunia.com/advisories/34272

http://securitytracker.com/alerts/2009/Mar/1021799.html

http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm

http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document

http://www.mandriva.com/security/advisories?name=MDVSA-2009:075

http://www.mozilla.org/security/announce/2009/mfsa2009-11.html

http://www.redhat.com/support/errata/RHSA-2009-0315.html

http://www.securityfocus.com/bid/33990

http://www.vupen.com/english/advisories/2009/0632

https://bugzilla.mozilla.org/show_bug.cgi?id=452979

https://exchange.xforce.ibmcloud.com/vulnerabilities/49087

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11222

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6039

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6157

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6229

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7435

Details

Source: MITRE

Published: 2009-03-05

Updated: 2017-09-29

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM