Lucene search

K
cveMitreCVE-2009-3370
HistoryOct 29, 2009 - 2:30 p.m.

CVE-2009-3370

2009-10-2914:30:00
mitre
web.nvd.nist.gov
46
mozilla firefox
form history
remote attackers
cve-2009-3370
nvd

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

0.037

Percentile

91.9%

Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.

Affected configurations

Nvd
Node
mozillafirefoxMatch3.0
OR
mozillafirefoxMatch3.0alpha
OR
mozillafirefoxMatch3.0beta2
OR
mozillafirefoxMatch3.0beta5
OR
mozillafirefoxMatch3.0.1
OR
mozillafirefoxMatch3.0.2
OR
mozillafirefoxMatch3.0.3
OR
mozillafirefoxMatch3.0.4
OR
mozillafirefoxMatch3.0.5
OR
mozillafirefoxMatch3.0.6
OR
mozillafirefoxMatch3.0.7
OR
mozillafirefoxMatch3.0.8
OR
mozillafirefoxMatch3.0.9
OR
mozillafirefoxMatch3.0.10
OR
mozillafirefoxMatch3.0.11
OR
mozillafirefoxMatch3.0.12
OR
mozillafirefoxMatch3.0.13
OR
mozillafirefoxMatch3.0.14
OR
mozillafirefoxMatch3.5.1
OR
mozillafirefoxMatch3.5.2
OR
mozillafirefoxMatch3.5.3
VendorProductVersionCPE
mozillafirefox3.0cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
mozillafirefox3.0cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*
mozillafirefox3.0cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*
mozillafirefox3.0cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*
mozillafirefox3.0.1cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
mozillafirefox3.0.2cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
mozillafirefox3.0.3cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
mozillafirefox3.0.4cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
mozillafirefox3.0.5cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
mozillafirefox3.0.6cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*
Rows per page:
1-10 of 211

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

0.037

Percentile

91.9%