Lucene search

[email protected]CVE-2009-3006

HistoryAug 28, 2009 - 3:30 p.m.

CVE-2009-3006

2009-08-2815:30:00

[email protected]

web.nvd.nist.gov

cve-2009-3006

maxthon browser

address bar spoofing

unicode

remote attackers

spoofed login form

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.8%

JSON

Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.

Affected configurations

NVD

Node

maxthonmaxthon_browserMatch2.5.3.80

CPENameOperatorVersion
maxthon:maxthon_browsermaxthon maxthon browsereq2.5.3.80

CPE	Name	Operator	Version
maxthon:maxthon_browser	maxthon maxthon browser	eq	2.5.3.80

References

lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html

exchange.xforce.ibmcloud.com/vulnerabilities/53009

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6437

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.8%

JSON

Related for CVE-2009-3006

prion1 openvas2 cvelist1 nvd1