CVE-2009-0777

Medium

Description

Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7435

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6229

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6157

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6039

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11222

https://exchange.xforce.ibmcloud.com/vulnerabilities/49087

https://bugzilla.mozilla.org/show_bug.cgi?id=452979

http://www.vupen.com/english/advisories/2009/0632

http://www.securityfocus.com/bid/33990

http://www.redhat.com/support/errata/RHSA-2009-0315.html

http://www.mozilla.org/security/announce/2009/mfsa2009-11.html

http://www.mandriva.com/security/advisories?name=MDVSA-2009:075

http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document

http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm

http://securitytracker.com/alerts/2009/Mar/1021799.html

http://secunia.com/advisories/34272

http://secunia.com/advisories/34145

http://secunia.com/advisories/34140

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html

Details

Source: Mitre, NVD

Published: 2009-03-05

Updated: 2017-09-29

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: Medium