CVE-2009-3076

medium

Description

Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9306

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6140

https://bugzilla.mozilla.org/show_bug.cgi?id=509413

https://bugzilla.mozilla.org/show_bug.cgi?id=326628

http://www.vupen.com/english/advisories/2010/0650

http://www.securitytracker.com/id?1022877

http://www.securityfocus.com/bid/36343

http://www.redhat.com/support/errata/RHSA-2010-0154.html

http://www.redhat.com/support/errata/RHSA-2010-0153.html

http://www.redhat.com/support/errata/RHSA-2009-1432.html

http://www.redhat.com/support/errata/RHSA-2009-1431.html

http://www.redhat.com/support/errata/RHSA-2009-1430.html

http://www.novell.com/linux/security/advisories/2009_48_firefox.html

http://www.mozilla.org/security/announce/2009/mfsa2009-48.html

http://www.debian.org/security/2009/dsa-1885

http://secunia.com/advisories/37098

http://secunia.com/advisories/36692

http://secunia.com/advisories/36671

http://secunia.com/advisories/36670

http://secunia.com/advisories/36669

Details

Source: Mitre, NVD

Published: 2009-09-10

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.22216