[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195549

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-3076Date: (C)2009-09-10   (M)2024-03-27


Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1022877
BID-36343
SECUNIA-36669
SECUNIA-36670
BID-36671
SECUNIA-36692
SECUNIA-37098
ADV-2010-0650
DSA-1885
RHSA-2009:1430
RHSA-2009:1431
RHSA-2009:1432
RHSA-2010:0153
RHSA-2010:0154
SUSE-SA:2009:048
http://www.mozilla.org/security/announce/2009/mfsa2009-48.html
https://bugzilla.mozilla.org/show_bug.cgi?id=326628
https://bugzilla.mozilla.org/show_bug.cgi?id=509413
oval:org.mitre.oval:def:6140
oval:org.mitre.oval:def:9306

CPE    87
cpe:/a:mozilla:firefox:1.5:beta2
cpe:/a:mozilla:firefox:1.5:beta1
cpe:/a:mozilla:firefox:0.8
cpe:/a:mozilla:firefox:0.7
...
OVAL    42
oval:org.secpod.oval:def:300538
oval:org.secpod.oval:def:200490
oval:org.secpod.oval:def:500315
oval:org.secpod.oval:def:102264
...

© SecPod Technologies