CVE-2009-1834
9 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.114 Low
EPSS
Percentile
95.2%
Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters.
References
osvdb.org/55162
secunia.com/advisories/35331
secunia.com/advisories/35415
secunia.com/advisories/35431
secunia.com/advisories/35439
secunia.com/advisories/35468
slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
www.debian.org/security/2009/dsa-1820
www.mozilla.org/security/announce/2009/mfsa2009-25.html
www.securityfocus.com/bid/35326
www.securityfocus.com/bid/35388
www.vupen.com/english/advisories/2009/1572
bugzilla.mozilla.org/show_bug.cgi?id=479413
bugzilla.redhat.com/show_bug.cgi?id=503573
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10436
rhn.redhat.com/errata/RHSA-2009-1095.html
www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html
www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html
Related
9 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.114 Low
EPSS
Percentile
95.2%