Lucene search
Ubuntu.comUB:CVE-2009-3376HistoryOct 29, 2009 - 12:00 a.m.
CVE-2009-3376
2009-10-2900:00:00
ubuntu.com
ubuntu.com
15
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.014 Low
EPSS
Percentile
86.4%
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before
2.0, does not properly handle a right-to-left override (aka RLO or U+202E)
Unicode character in a download filename, which allows remote attackers to
spoof file extensions via a crafted filename, as demonstrated by displaying
a non-executable extension for an executable file.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 8.04 | noarch | firefox-3.0 | <Β 3.0.15+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
| ubuntu | 8.10 | noarch | firefox-3.0 | <Β 3.0.15+nobinonly-0ubuntu0.8.10.1 | UNKNOWN |
| ubuntu | 9.04 | noarch | firefox-3.0 | <Β 3.0.15+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
| ubuntu | 9.04 | noarch | firefox-3.5 | <Β 3.5.4+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
| ubuntu | 9.10 | noarch | firefox-3.5 | <Β 3.5.4+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
| ubuntu | 8.04 | noarch | thunderbird | <Β 2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
| ubuntu | 8.10 | noarch | thunderbird | <Β 2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1 | UNKNOWN |
| ubuntu | 9.04 | noarch | thunderbird | <Β 2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
| ubuntu | 9.10 | noarch | thunderbird | <Β 2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
| ubuntu | 8.04 | noarch | xulrunner-1.9 | <Β 1.9.0.15+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
Related
prion
prion
Code injection
2009-10-29 14:30:00
seebug
seebug
Mozilla FirefoxδΈθ½½ζδ»Άεζ¬ΊιͺζΌζ΄
2009-11-03 00:00:00
Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability
2010-03-19 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2020-04-10 00:36:53
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2009-62
2009-10-28 00:00:00
Mozilla Firefox / Seamonkey multiple security vulnerabilities
2009-11-05 00:00:00
mozilla
mozilla
Download filename spoofing with RTL override β Mozilla
2009-10-27 00:00:00
cve
cve
CVE-2009-3376
2009-10-29 14:30:00
openvas
openvas
Mozilla Seamonkey Multiple Vulnerabilities (Nov 2009) - Linux
2009-11-04 00:00:00
Mozilla Seamonkey Multiple Vulnerabilities Nov-09 (Linux)
2009-11-04 00:00:00
Mozilla Seamonkey Multiple Vulnerabilities (Nov 2009) - Windows
2009-11-04 00:00:00
nessus
nessus
SeaMonkey < 2.0 Multiple Vulnerabilities
2009-10-29 00:00:00
Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
2012-08-01 00:00:00
Mozilla Thunderbird < 2.0.0.24 Multiple Vulnerabilities
2010-03-19 00:00:00
oraclelinux
oraclelinux
seamonkey security update
2009-10-28 00:00:00
firefox security update
2009-10-28 00:00:00
thunderbird security update
2010-03-17 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2010-03-18 00:00:00
Firefox and Xulrunner vulnerabilities
2009-10-31 00:00:00
Firefox and Xulrunner regression
2009-11-11 00:00:00
redhat
redhat
(RHSA-2009:1531) Critical: seamonkey security update
2009-10-27 00:00:00
(RHSA-2009:1530) Critical: firefox security update
2009-10-27 00:00:00
(RHSA-2010:0153) Moderate: thunderbird security update
2010-03-17 00:00:00
centos
centos
seamonkey security update
2009-10-28 13:15:48
firefox, nspr security update
2009-10-28 13:44:04
thunderbird security update
2010-03-17 18:24:23
fedora
fedora
[SECURITY] Fedora 11 Update: ruby-gnome2-0.19.3-3.fc11
2009-10-29 02:59:35
[SECURITY] Fedora 11 Update: seamonkey-1.1.19-1.fc11
2010-04-21 21:53:31
[SECURITY] Fedora 11 Update: evolution-rss-0.1.4-5.fc11
2009-10-29 02:59:35
osv
osv
xulrunner - several vulnerabilities
2009-10-28 00:00:00
debian
debian
[SECURITY] [DSA 1922-1] New xulrunner packages fix several vulnerabilities
2009-10-28 21:13:52
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-03-16 00:00:00
mozilla -- multiple vulnerabilities
2009-10-27 00:00:00
vmware
vmware
ESX Service Console and vMA updates for nss and nspr
2010-03-03 00:00:00
ESX Service Console and vMA updates for nss and nspr
2010-03-03 00:00:00
suse
suse
remote code execution in MozillaFirefox
2009-11-04 14:24:35
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.014 Low
EPSS
Percentile
86.4%
Related for UB:CVE-2009-3376