Lucene search

[email protected]CVE-2009-2665

HistoryAug 04, 2009 - 4:30 p.m.

CVE-2009-2665

2009-08-0416:30:00

CWE-94

[email protected]

web.nvd.nist.gov

mozilla

firefox

nsdocument

setscriptglobalobject

http

security

vulnerability

nvd

9.1 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.014 Low

EPSS

Percentile

86.2%

JSON

The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted web page, related to an incorrect security wrapper.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq3.5
mozilla:firefoxmozilla firefoxeq3.5.1
mozilla:firefoxmozilla firefoxeq3.5.2

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	eq	3.5
mozilla:firefox	mozilla firefox	eq	3.5.1
mozilla:firefox	mozilla firefox	eq	3.5.2

References

secunia.com/advisories/36126

sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1

www.mozilla.org/security/announce/2009/mfsa2009-46.html

www.securityfocus.com/bid/35928

www.vupen.com/english/advisories/2009/2142

bugzilla.mozilla.org/show_bug.cgi?id=498897

www.redhat.com/archives/fedora-package-announce/2009-August/msg00198.html

www.redhat.com/archives/fedora-package-announce/2009-August/msg00261.html

9.1 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.014 Low

EPSS

Percentile

86.2%

JSON

Related for CVE-2009-2665

openvas9 cvelist1 prion1 ubuntucve1 mozilla1 nessus7 gentoo1