5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
5.4 Medium
AI Score
Confidence
High
0.031 Low
EPSS
Percentile
91.2%
Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page.
blog.mozilla.com/security/2009/07/28/url-bar-spoofing-vulnerability/
es.geocities.com/jplopezy/firefoxspoofing.html
osvdb.org/56717
secunia.com/advisories/36001
secunia.com/advisories/36126
secunia.com/advisories/36141
secunia.com/advisories/36435
secunia.com/advisories/36669
secunia.com/advisories/36670
sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1
www.debian.org/security/2009/dsa-1873
www.mozilla.org/security/announce/2009/mfsa2009-44.html
www.redhat.com/support/errata/RHSA-2009-1430.html
www.redhat.com/support/errata/RHSA-2009-1431.html
www.redhat.com/support/errata/RHSA-2009-1432.html
www.securityfocus.com/archive/1/505242/30/0/threaded
www.securityfocus.com/archive/1/505265
www.securityfocus.com/bid/35803
www.securitytracker.com/id?1022603
www.vupen.com/english/advisories/2009/2006
www.vupen.com/english/advisories/2009/2142
bugzilla.mozilla.org/show_bug.cgi?id=451898
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9686
usn.ubuntu.com/811-1/
www.redhat.com/archives/fedora-package-announce/2009-August/msg00198.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00261.html