CVE-2009-3076

2009-09-1021:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2009-3076

mozilla firefox

dialog implementation

remote attackers

pkcs11 module

nvd

9.2 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.906 High

EPSS

Percentile

98.8%

JSON

Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq0.1
mozilla:firefoxmozilla firefoxeq0.9_rc
mozilla:firefoxmozilla firefoxeq0.8
mozilla:firefoxmozilla firefoxeq2.0.0.12
mozilla:firefoxmozilla firefoxeq1.5
mozilla:firefoxmozilla firefoxeq2.0_.7
mozilla:firefoxmozilla firefoxeq3.0.7
mozilla:firefoxmozilla firefoxeq1.5.2
mozilla:firefoxmozilla firefoxeq3.0.9
mozilla:firefoxmozilla firefoxeq1.5.0.6

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	eq	0.1
mozilla:firefox	mozilla firefox	eq	0.9_rc
mozilla:firefox	mozilla firefox	eq	0.8
mozilla:firefox	mozilla firefox	eq	2.0.0.12
mozilla:firefox	mozilla firefox	eq	1.5
mozilla:firefox	mozilla firefox	eq	2.0_.7
mozilla:firefox	mozilla firefox	eq	3.0.7
mozilla:firefox	mozilla firefox	eq	1.5.2
mozilla:firefox	mozilla firefox	eq	3.0.9
mozilla:firefox	mozilla firefox	eq	1.5.0.6