Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2009-4100
HistoryNov 29, 2009 - 1:08 p.m.

CVE-2009-4100

2009-11-2913:08:29
CWE-20
[email protected]
web.nvd.nist.gov
20
yoono
extension
firefox
cve-2009-4100
security
vulnerability
remote execution
cross-domain scripting

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.3%

JSON

Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload.

Affected configurations

NVD
Node
yoonoyoonoRange≀6.1.0
OR
yoonoyoonoMatch2.0.2.474
OR
yoonoyoonoMatch2.0.3.564
OR
yoonoyoonoMatch2.0.4.641
OR
yoonoyoonoMatch2.1.0.743
OR
yoonoyoonoMatch2.2.1.1038
OR
yoonoyoonoMatch3.0.0.1268
OR
yoonoyoonoMatch3.0.0.1270
OR
yoonoyoonoMatch3.0.1.1388
OR
yoonoyoonoMatch3.0.2.1976
OR
yoonoyoonoMatch3.0.3.2369
OR
yoonoyoonoMatch3.0.4.2469
OR
yoonoyoonoMatch3.0.5.2626
OR
yoonoyoonoMatch3.0.6.2723
OR
yoonoyoonoMatch3.1.0.2898
OR
yoonoyoonoMatch3.1.1.2999
OR
yoonoyoonoMatch4.0.0.4529
OR
yoonoyoonoMatch4.0.1.4774
OR
yoonoyoonoMatch4.0.2.5149
OR
yoonoyoonoMatch4.0.3.5488
OR
yoonoyoonoMatch5.0.1.11511_11520
OR
yoonoyoonoMatch5.0.3
OR
yoonoyoonoMatch5.0.4
OR
yoonoyoonoMatch5.0.5
OR
yoonoyoonoMatch5.0.6
OR
yoonoyoonoMatch5.0.7
OR
yoonoyoonoMatch5.0.7.2
OR
yoonoyoonoMatch5.1.0
OR
yoonoyoonoMatch5.2.0
OR
yoonoyoonoMatch5.3.0
OR
yoonoyoonoMatch5.4.0
OR
yoonoyoonoMatch6.0.0
OR
yoonoyoonoMatch6.0.1
AND
mozillafirefox

Related

prion 1
nvd 1
cvelist 1
seebug 1
rosalinux 1
prion
prion
Cross site scripting
2009-11-29 13:08:00
nvd
nvd
CVE-2009-4100
2009-11-29 13:08:29
cvelist
cvelist
CVE-2009-4100
2009-11-28 11:00:00
seebug
seebug
Firefox Yoono扩展DOMδΊ‹δ»Άε€„η†ε™¨θ·¨εŸŸθ„šζœ¬ζ‰§θ‘ŒζΌζ΄ž
2009-12-04 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2370
2024-03-12 08:35:15

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.3%

JSON
Related for CVE-2009-4100
prion1nvd1cvelist1seebug1rosalinux1