[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80167

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-0777

Date: (C)2009-03-04   (M)2017-11-18 


Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.

CVSS Score: 5.8Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 4.9Authentication: NONE
 Confidentiality: NONE
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
SECTRACK-1021799
BID-33990
SECUNIA-34140
SECUNIA-34145
SECUNIA-34272
ADV-2009-0632
MDVSA-2009:075
RHSA-2009:0315
SUSE-SA:2009:012
http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm
http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document
http://www.mozilla.org/security/announce/2009/mfsa2009-11.html
https://bugzilla.mozilla.org/show_bug.cgi?id=452979
mozilla-invisible-url-spoofing(49087)

CPE    88
cpe:/a:mozilla:thunderbird:2.0.0.18
cpe:/a:mozilla:thunderbird:2.0.0.19
cpe:/a:mozilla:thunderbird:2.0.0.14
cpe:/a:mozilla:thunderbird:2.0.0.16
...
CWE    1
CWE-20
OVAL    52
oval:org.secpod.oval:def:300815
oval:org.secpod.oval:def:500645
oval:org.secpod.oval:def:202214
oval:org.secpod.oval:def:202059
...

© 2013 SecPod Technologies