CVE-2009-0777

Medium

Description

Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.

References

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html

https://bugzilla.mozilla.org/show_bug.cgi?id=452979

http://secunia.com/advisories/34140

http://secunia.com/advisories/34145

http://secunia.com/advisories/34272

http://securitytracker.com/alerts/2009/Mar/1021799.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/49087

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11222

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6039

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6157

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6229

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7435

http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm

http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document

http://www.mandriva.com/security/advisories?name=MDVSA-2009:075

http://www.mozilla.org/security/announce/2009/mfsa2009-11.html

http://www.redhat.com/support/errata/RHSA-2009-0315.html

http://www.vupen.com/english/advisories/2009/0632

Details

Source: Mitre, NVD

Published: 2009-03-05

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P

Severity: Medium