6.4 Medium
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.031 Low
EPSS
Percentile
90.8%
Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page.
blog.mozilla.com/security/2009/07/28/url-bar-spoofing-vulnerability/
es.geocities.com/jplopezy/firefoxspoofing.html
osvdb.org/56717
secunia.com/advisories/36001
secunia.com/advisories/36126
secunia.com/advisories/36141
secunia.com/advisories/36435
secunia.com/advisories/36669
secunia.com/advisories/36670
sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1
www.debian.org/security/2009/dsa-1873
www.mozilla.org/security/announce/2009/mfsa2009-44.html
www.redhat.com/support/errata/RHSA-2009-1430.html
www.redhat.com/support/errata/RHSA-2009-1431.html
www.redhat.com/support/errata/RHSA-2009-1432.html
www.securityfocus.com/archive/1/505242/30/0/threaded
www.securityfocus.com/archive/1/505265
www.securityfocus.com/bid/35803
www.securitytracker.com/id?1022603
www.vupen.com/english/advisories/2009/2006
www.vupen.com/english/advisories/2009/2142
bugzilla.mozilla.org/show_bug.cgi?id=451898
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9686
usn.ubuntu.com/811-1/
www.redhat.com/archives/fedora-package-announce/2009-August/msg00198.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00261.html