Lucene search

[email protected]NVD:CVE-2009-3376

HistoryOct 29, 2009 - 2:30 p.m.

CVE-2009-3376

2009-10-2914:30:00

CWE-16

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

5.5 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.6%

JSON

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.

Affected configurations

NVD

Node

mozillafirefoxMatch3.0beta5

mozillafirefoxMatch3.0.1

mozillafirefoxMatch3.0.2

mozillafirefoxMatch3.0.3

mozillafirefoxMatch3.0.4

mozillafirefoxMatch3.0.5

mozillafirefoxMatch3.0.6

mozillafirefoxMatch3.0.7

mozillafirefoxMatch3.0.8

mozillafirefoxMatch3.0.9

mozillafirefoxMatch3.0.10

mozillafirefoxMatch3.0.11

mozillafirefoxMatch3.0.12

mozillafirefoxMatch3.0.13

mozillafirefoxMatch3.5.1

mozillafirefoxMatch3.5.2

mozillafirefoxMatch3.5.3

mozillaseamonkeyRange≤1.5.0.10

mozillaseamonkeyMatch1.0

mozillaseamonkeyMatch1.0alpha

mozillaseamonkeyMatch1.0beta

mozillaseamonkeyMatch1.0.1

mozillaseamonkeyMatch1.0.2

mozillaseamonkeyMatch1.0.3

mozillaseamonkeyMatch1.0.4

mozillaseamonkeyMatch1.0.5

mozillaseamonkeyMatch1.0.6

mozillaseamonkeyMatch1.0.7

mozillaseamonkeyMatch1.0.8

mozillaseamonkeyMatch1.0.9

mozillaseamonkeyMatch1.1

mozillaseamonkeyMatch1.1alpha

mozillaseamonkeyMatch1.1beta

mozillaseamonkeyMatch1.1.1

mozillaseamonkeyMatch1.1.2

mozillaseamonkeyMatch1.1.3

mozillaseamonkeyMatch1.1.4

mozillaseamonkeyMatch1.1.5

mozillaseamonkeyMatch1.1.6

mozillaseamonkeyMatch1.1.7

mozillaseamonkeyMatch1.1.8

mozillaseamonkeyMatch1.1.9

mozillaseamonkeyMatch1.1.10

mozillaseamonkeyMatch1.1.11

mozillaseamonkeyMatch1.1.12

mozillaseamonkeyMatch1.1.13

mozillaseamonkeyMatch1.1.14

mozillaseamonkeyMatch1.1.15

mozillaseamonkeyMatch1.1.16

mozillaseamonkeyMatch1.1.17

mozillaseamonkeyMatch1.5.0.8

mozillaseamonkeyMatch1.5.0.9

References

lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

secunia.com/advisories/38977

sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1

www.mandriva.com/security/advisories?name=MDVSA-2009:294

www.mozilla.org/security/announce/2009/mfsa2009-62.html

www.redhat.com/support/errata/RHSA-2010-0153.html

www.redhat.com/support/errata/RHSA-2010-0154.html

www.ubuntu.com/usn/USN-915-1

www.vupen.com/english/advisories/2009/3334

www.vupen.com/english/advisories/2010/0648

www.vupen.com/english/advisories/2010/0650

bugzilla.mozilla.org/show_bug.cgi?id=511521

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11218

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6541

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

5.5 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.6%

JSON

Related for NVD:CVE-2009-3376

seebug2 veracode1 mozilla1 securityvulns2 cvelist1 prion1 ubuntucve1 cve1 openvas61 nessus46 oraclelinux3 centos4 redhat4 ubuntu3 fedora42 debian1 osv1 freebsd2 vmware2 suse1 gentoo1