Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-764-1
HistoryApr 23, 2009 - 12:00 a.m.

Firefox and Xulrunner vulnerabilities

2009-04-2300:00:00
ubuntu.com
49

10 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.264 Low

EPSS

Percentile

96.7%

JSON

Releases

  • Ubuntu 9.04
  • Ubuntu 8.10
  • Ubuntu 8.04

Packages

  • firefox-3.0 -
  • xulrunner-1.9 -

Details

Several flaws were discovered in the browser engine. If a user were tricked
into viewing a malicious website, a remote attacker could cause a denial of
service or possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304,
CVE-2009-1305)

It was discovered that Firefox displayed certain Unicode characters which
could be visually confused with punctuation in valid web addresses in the
location bar. An attacker could exploit this to spoof the location bar,
such as in a phishing attack. (CVE-2009-0652)

Several flaws were discovered in the way Firefox processed malformed URI
schemes. If a user were tricked into viewing a malicious website, a remote
attacker could execute arbitrary JavaScript or steal private data.
(CVE-2009-1306, CVE-2009-1307, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312)

Cefn Hoile discovered Firefox did not adequately protect against embedded
third-party stylesheets. An attacker could exploit this to perform script
injection attacks using XBL bindings. (CVE-2009-1308)

Paolo Amadini discovered that Firefox would submit POST data when reloading
an inner frame of a web page. If a user were tricked into viewing a
malicious website, a remote attacker could steal private data.
(CVE-2009-1311)

OSVersionArchitecturePackageVersionFilename
Ubuntu9.04noarchfirefox-3.0< 3.0.9+nobinonly-0ubuntu0.9.04.1UNKNOWN
Ubuntu9.04noarchabrowser< 3.0-branding-3.0.9+nobinonly-0ubuntu0.9.04.1UNKNOWN
Ubuntu9.04noarchfirefox< 3.0-3.0.9+nobinonly-0ubuntu0.9.04.1UNKNOWN
Ubuntu9.04noarchfirefox< 3.0-branding-3.0.9+nobinonly-0ubuntu0.9.04.1UNKNOWN
Ubuntu9.04noarchfirefox< 3.0-dev-3.0.9+nobinonly-0ubuntu0.9.04.1UNKNOWN
Ubuntu9.04noarchfirefox< 3.0-gnome-support-3.0.9+nobinonly-0ubuntu0.9.04.1UNKNOWN
Ubuntu9.04noarchabrowser< 3.0.9+nobinonly-0ubuntu0.9.04.1UNKNOWN
Ubuntu9.04noarchxulrunner-1.9< 1.9.0.9+nobinonly-0ubuntu0.9.04.1UNKNOWN
Ubuntu9.04noarchxulrunner-1.9< dev-1.9.0.9+nobinonly-0ubuntu0.9.04.1UNKNOWN
Ubuntu9.04noarchxulrunner-1.9< gnome-support-1.9.0.9+nobinonly-0ubuntu0.9.04.1UNKNOWN
Rows per page:
1-10 of 281

Related

fedora 39
nessus 34
openvas 72
oraclelinux 3
debian 1
freebsd 1
osv 1
redhat 4
centos 4
securityvulns 7
mozilla 8
ubuntu 1
cve 7
veracode 7
ubuntucve 5
prion 5
fedora
fedora
[SECURITY] Fedora 9 Update: mugshot-1.2.2-8.fc9
2009-04-22 20:27:04
[SECURITY] Fedora 9 Update: totem-2.23.2-14.fc9
2009-04-22 20:27:04
[SECURITY] Fedora 10 Update: galeon-2.0.7-9.fc10
2009-04-24 19:52:12
nessus
nessus
CentOS 4 / 5 : firefox (CESA-2009:0436)
2010-01-06 00:00:00
Firefox < 3.0.9 Multiple Vulnerabilities
2009-04-22 00:00:00
SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 835)
2009-09-24 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2009-0436)
2015-10-08 00:00:00
CentOS Update for firefox CESA-2009:0436 centos4 i386
2011-08-09 00:00:00
CentOS Security Advisory CESA-2009:0436 (firefox)
2009-04-28 00:00:00
oraclelinux
oraclelinux
firefox security update
2009-04-22 00:00:00
seamonkey security update
2009-04-21 00:00:00
thunderbird security update
2009-06-25 00:00:00
debian
debian
[SECURITY] [DSA 1797-1] New xulrunner packages fix several vulnerabilities
2009-05-09 13:00:16
freebsd
freebsd
mozilla -- multiple vulnerabilities
2009-04-21 00:00:00
osv
osv
xulrunner - several vulnerabilities
2009-05-09 00:00:00
redhat
redhat
(RHSA-2009:0436) Critical: firefox security update
2009-04-21 00:00:00
(RHSA-2009:0437) Critical: seamonkey security update
2009-04-21 00:00:00
(RHSA-2009:1126) Moderate: thunderbird security update
2009-06-25 00:00:00
centos
centos
firefox, xulrunner security update
2009-04-23 11:19:15
seamonkey security update
2009-04-22 19:48:58
seamonkey security update
2009-04-24 05:51:23
securityvulns
securityvulns
Mozilla Firefox / Seamonkey multiple security vulnerabilities
2009-04-28 00:00:00
Mozilla Foundation Security Advisory 2009-14
2009-04-23 00:00:00
Mozilla Foundation Security Advisory 2009-16
2009-04-23 00:00:00
mozilla
mozilla
Crashes with evidence of memory corruption (rv:1.9.0.9) — Mozilla
2009-04-21 00:00:00
Malicious search plugins can inject code into arbitrary sites — Mozilla
2009-04-21 00:00:00
URL spoofing with box drawing character — Mozilla
2009-04-21 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2009-06-25 00:00:00
cve
cve
CVE-2009-1310
2009-04-22 18:30:00
CVE-2009-1309
2009-04-22 18:30:00
CVE-2009-1308
2009-04-22 18:30:00
veracode
veracode
Phishing Attacks
2020-04-10 00:38:43
Phishing Attack
2020-04-10 00:33:14
Arbitrary Code Execution
2020-04-10 00:33:06
ubuntucve
ubuntucve
CVE-2009-1310
2009-04-22 00:00:00
CVE-2009-1306
2009-04-22 00:00:00
CVE-2009-1309
2009-04-22 00:00:00
prion
prion
Cross site scripting
2009-04-22 18:30:00
Memory corruption
2009-04-22 18:30:00
Cross site scripting
2009-04-22 18:30:00

10 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.264 Low

EPSS

Percentile

96.7%

JSON
Related for USN-764-1
fedora39nessus34openvas72oraclelinux3debian1freebsd1osv1redhat4centos4securityvulns7mozilla8ubuntu1cve7veracode7ubuntucve5prion5