[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-0777

Date: (C)2009-03-04   (M)2017-10-04
 
CVSS Score: 5.8Access Vector: NETWORK
Exploitability Subscore: 8.6Access Complexity: MEDIUM
Impact Subscore: 4.9Authentication: NONE
 Confidentiality: NONE
 Integrity: PARTIAL
 Availability: PARTIAL











Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.

Reference:
SECTRACK-1021799
BID-33990
SECUNIA-34140
SECUNIA-34145
SECUNIA-34272
ADV-2009-0632
MDVSA-2009:075
RHSA-2009:0315
SUSE-SA:2009:012
http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm
http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document
http://www.mozilla.org/security/announce/2009/mfsa2009-11.html
https://bugzilla.mozilla.org/show_bug.cgi?id=452979
mozilla-invisible-url-spoofing(49087)

CPE    88
cpe:/a:mozilla:thunderbird:2.0.0.18
cpe:/a:mozilla:thunderbird:2.0.0.14
cpe:/a:mozilla:thunderbird:2.0.0.16
cpe:/a:mozilla:thunderbird:2.0.0.17
...
CWE    1
CWE-20
OVAL    52
oval:org.secpod.oval:def:300815
oval:org.secpod.oval:def:200359
oval:org.secpod.oval:def:700306
oval:org.secpod.oval:def:202804
...

© 2013 SecPod Technologies