CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
78.8%
Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
mozilla | firefox | 1.0 | cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.1 | cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.2 | cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.3 | cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.4 | cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.5 | cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.6 | cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.7 | cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.8 | cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:* |
lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html
secunia.com/advisories/34140
secunia.com/advisories/34145
secunia.com/advisories/34272
securitytracker.com/alerts/2009/Mar/1021799.html
support.avaya.com/elmodocs2/security/ASA-2009-069.htm
support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document
www.mandriva.com/security/advisories?name=MDVSA-2009:075
www.mozilla.org/security/announce/2009/mfsa2009-11.html
www.redhat.com/support/errata/RHSA-2009-0315.html
www.securityfocus.com/bid/33990
www.vupen.com/english/advisories/2009/0632
bugzilla.mozilla.org/show_bug.cgi?id=452979
exchange.xforce.ibmcloud.com/vulnerabilities/49087
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11222
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6039
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6157
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6229
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7435