CVE-2009-0777
9 High
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.006 Low
EPSS
Percentile
78.6%
Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.
References
lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html
secunia.com/advisories/34140
secunia.com/advisories/34145
secunia.com/advisories/34272
securitytracker.com/alerts/2009/Mar/1021799.html
support.avaya.com/elmodocs2/security/ASA-2009-069.htm
support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document
www.mandriva.com/security/advisories?name=MDVSA-2009:075
www.mozilla.org/security/announce/2009/mfsa2009-11.html
www.redhat.com/support/errata/RHSA-2009-0315.html
www.securityfocus.com/bid/33990
www.vupen.com/english/advisories/2009/0632
bugzilla.mozilla.org/show_bug.cgi?id=452979
exchange.xforce.ibmcloud.com/vulnerabilities/49087
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11222
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6039
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6157
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6229
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7435
Related
9 High
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.006 Low
EPSS
Percentile
78.6%