CVE-2009-2654

Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page.
References
Link Resource
http://blog.mozilla.com/security/2009/07/28/url-bar-spoofing-vulnerability/ Patch Vendor Advisory
http://es.geocities.com/jplopezy/firefoxspoofing.html
http://osvdb.org/56717
http://secunia.com/advisories/36001 Vendor Advisory
http://secunia.com/advisories/36126 Vendor Advisory
http://secunia.com/advisories/36141 Vendor Advisory
http://secunia.com/advisories/36435 Vendor Advisory
http://secunia.com/advisories/36669
http://secunia.com/advisories/36670
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1
http://www.debian.org/security/2009/dsa-1873
http://www.mozilla.org/security/announce/2009/mfsa2009-44.html Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2009-1430.html
http://www.redhat.com/support/errata/RHSA-2009-1431.html
http://www.redhat.com/support/errata/RHSA-2009-1432.html
http://www.securityfocus.com/archive/1/505242/30/0/threaded Exploit
http://www.securityfocus.com/archive/1/505265
http://www.securityfocus.com/bid/35803 Exploit Patch
http://www.securitytracker.com/id?1022603
http://www.vupen.com/english/advisories/2009/2006 Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/2142 Patch Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=451898
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9686
https://usn.ubuntu.com/811-1/
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00198.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00261.html
Configurations

Configuration 1

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9_rc:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.21:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.1:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.2:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.2:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.2:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*

History

21 Nov 2024, 01:05

Type Values Removed Values Added
References () http://blog.mozilla.com/security/2009/07/28/url-bar-spoofing-vulnerability/ - Patch, Vendor Advisory () http://blog.mozilla.com/security/2009/07/28/url-bar-spoofing-vulnerability/ - Patch, Vendor Advisory
References () http://es.geocities.com/jplopezy/firefoxspoofing.html - () http://es.geocities.com/jplopezy/firefoxspoofing.html -
References () http://osvdb.org/56717 - () http://osvdb.org/56717 -
References () http://secunia.com/advisories/36001 - Vendor Advisory () http://secunia.com/advisories/36001 - Vendor Advisory
References () http://secunia.com/advisories/36126 - Vendor Advisory () http://secunia.com/advisories/36126 - Vendor Advisory
References () http://secunia.com/advisories/36141 - Vendor Advisory () http://secunia.com/advisories/36141 - Vendor Advisory
References () http://secunia.com/advisories/36435 - Vendor Advisory () http://secunia.com/advisories/36435 - Vendor Advisory
References () http://secunia.com/advisories/36669 - () http://secunia.com/advisories/36669 -
References () http://secunia.com/advisories/36670 - () http://secunia.com/advisories/36670 -
References () http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1 - () http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1 -
References () http://www.debian.org/security/2009/dsa-1873 - () http://www.debian.org/security/2009/dsa-1873 -
References () http://www.mozilla.org/security/announce/2009/mfsa2009-44.html - Patch, Vendor Advisory () http://www.mozilla.org/security/announce/2009/mfsa2009-44.html - Patch, Vendor Advisory
References () http://www.redhat.com/support/errata/RHSA-2009-1430.html - () http://www.redhat.com/support/errata/RHSA-2009-1430.html -
References () http://www.redhat.com/support/errata/RHSA-2009-1431.html - () http://www.redhat.com/support/errata/RHSA-2009-1431.html -
References () http://www.redhat.com/support/errata/RHSA-2009-1432.html - () http://www.redhat.com/support/errata/RHSA-2009-1432.html -
References () http://www.securityfocus.com/archive/1/505242/30/0/threaded - Exploit () http://www.securityfocus.com/archive/1/505242/30/0/threaded - Exploit
References () http://www.securityfocus.com/archive/1/505265 - () http://www.securityfocus.com/archive/1/505265 -
References () http://www.securityfocus.com/bid/35803 - Exploit, Patch () http://www.securityfocus.com/bid/35803 - Exploit, Patch
References () http://www.securitytracker.com/id?1022603 - () http://www.securitytracker.com/id?1022603 -
References () http://www.vupen.com/english/advisories/2009/2006 - Patch, Vendor Advisory () http://www.vupen.com/english/advisories/2009/2006 - Patch, Vendor Advisory
References () http://www.vupen.com/english/advisories/2009/2142 - Patch, Vendor Advisory () http://www.vupen.com/english/advisories/2009/2142 - Patch, Vendor Advisory
References () https://bugzilla.mozilla.org/show_bug.cgi?id=451898 - () https://bugzilla.mozilla.org/show_bug.cgi?id=451898 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9686 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9686 -
References () https://usn.ubuntu.com/811-1/ - () https://usn.ubuntu.com/811-1/ -
References () https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00198.html - () https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00198.html -
References () https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00261.html - () https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00261.html -

Information

Published : 2009-08-03 14:30

Updated : 2024-11-21 01:05


NVD link : CVE-2009-2654

Mitre link : CVE-2009-2654

CVE.ORG link : CVE-2009-2654


Products Affected

mozilla

  • firefox
CWE
CWE-20

Improper Input Validation