SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2009-0777

Date: (C)2009-03-04 (M)2024-03-27

Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL

Reference:

SECTRACK-1021799

SUSE-SA:2009:012

http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm

http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document

http://www.mozilla.org/security/announce/2009/mfsa2009-11.html

https://bugzilla.mozilla.org/show_bug.cgi?id=452979

mozilla-invisible-url-spoofing(49087)

oval:org.mitre.oval:def:11222

oval:org.mitre.oval:def:6039

oval:org.mitre.oval:def:6157

oval:org.mitre.oval:def:6229

oval:org.mitre.oval:def:7435

cpe:/a:mozilla:thunderbird:2.0.0.18
cpe:/a:mozilla:thunderbird:2.0.0.19
cpe:/a:mozilla:thunderbird:2.0.0.14
cpe:/a:mozilla:thunderbird:2.0.0.16
...

oval:org.mitre.oval:def:6229
oval:org.mitre.oval:def:6157
oval:org.mitre.oval:def:6039
oval:org.secpod.oval:def:101728
...

© SecPod Technologies