Lucene search

K

[email protected]NVD:CVE-2009-3274

HistorySep 21, 2009 - 7:30 p.m.

CVE-2009-3274

2009-09-2119:30:00

[email protected]

web.nvd.nist.gov

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

mozillafirefoxMatch2.0

OR

mozillafirefoxMatch2.0.0.1

OR

mozillafirefoxMatch2.0.0.2

OR

mozillafirefoxMatch2.0.0.3

OR

mozillafirefoxMatch2.0.0.4

OR

mozillafirefoxMatch2.0.0.5

OR

mozillafirefoxMatch2.0.0.6

OR

mozillafirefoxMatch2.0.0.7

OR

mozillafirefoxMatch2.0.0.8

OR

mozillafirefoxMatch2.0.0.9

OR

mozillafirefoxMatch2.0.0.10

OR

mozillafirefoxMatch2.0.0.11

OR

mozillafirefoxMatch2.0.0.12

OR

mozillafirefoxMatch2.0.0.13

OR

mozillafirefoxMatch2.0.0.14

OR

mozillafirefoxMatch2.0.0.15

OR

mozillafirefoxMatch2.0.0.16

OR

mozillafirefoxMatch2.0.0.17

OR

mozillafirefoxMatch2.0.0.18

OR

mozillafirefoxMatch2.0.0.19

OR

mozillafirefoxMatch2.0.0.20

OR

mozillafirefoxMatch3.0

OR

mozillafirefoxMatch3.0.1

OR

mozillafirefoxMatch3.0.2

OR

mozillafirefoxMatch3.0.3

OR

mozillafirefoxMatch3.0.4

OR

mozillafirefoxMatch3.0.5

OR

mozillafirefoxMatch3.0.6

OR

mozillafirefoxMatch3.0.7

OR

mozillafirefoxMatch3.0.8

OR

mozillafirefoxMatch3.0.9

OR

mozillafirefoxMatch3.0.10

OR

mozillafirefoxMatch3.0.11

OR

mozillafirefoxMatch3.0.12

OR

mozillafirefoxMatch3.0.13

OR

mozillafirefoxMatch3.0.14

OR

mozillafirefoxMatch3.5

OR

mozillafirefoxMatch3.5.1

OR

mozillafirefoxMatch3.5.2

OR

mozillafirefoxMatch3.5.3

OR

mozillafirefoxMatch3.6a1

AND

linuxlinux_kernelMatch-

References

jbrownsec.blogspot.com/2009/09/vamos-updates.html

secunia.com/advisories/36649

securitytube.net/Zero-Day-Demos-%28Firefox-Vulnerability-Discovered%29-video.aspx

sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1

www.mandriva.com/security/advisories?name=MDVSA-2009:294

www.mozilla.org/security/announce/2009/mfsa2009-53.html

www.redhat.com/support/errata/RHSA-2010-0153.html

www.redhat.com/support/errata/RHSA-2010-0154.html

www.vupen.com/english/advisories/2009/3334

www.vupen.com/english/advisories/2010/0650

bugzilla.mozilla.org/show_bug.cgi?id=514823

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9641

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for NVD:CVE-2009-3274

cve1 seebug2 openvas49 securityvulns2 cvelist1 prion1 ubuntucve1 mozilla1 veracode1 nessus36 oraclelinux3 centos4 redhat4 fedora41 debian1 osv1 vmware2 ubuntu2 freebsd1 suse1 gentoo1