Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2009-4101
HistoryNov 29, 2009 - 1:08 p.m.

CVE-2009-4101

2009-11-2913:08:29
CWE-20
mitre
web.nvd.nist.gov
27
inforss
firefox
arbitrary commands
rss
cross-domain scripting
cve-2009-4101

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

High

EPSS

0.009

Percentile

82.4%

JSON

infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.

Affected configurations

Nvd
Node
didier_ernotteinforssRange≀1.1.4.2
OR
didier_ernotteinforssMatch0.5
OR
didier_ernotteinforssMatch0.7.7
OR
didier_ernotteinforssMatch0.8.4
OR
didier_ernotteinforssMatch0.8.7
OR
didier_ernotteinforssMatch0.8.8.1
OR
didier_ernotteinforssMatch0.8.8.2
OR
didier_ernotteinforssMatch0.8.9
OR
didier_ernotteinforssMatch0.8.9.1
OR
didier_ernotteinforssMatch0.8.9.3
OR
didier_ernotteinforssMatch0.8.9.4
OR
didier_ernotteinforssMatch0.8.9.5
OR
didier_ernotteinforssMatch0.9.0
OR
didier_ernotteinforssMatch0.10.0
OR
didier_ernotteinforssMatch0.10.1
OR
didier_ernotteinforssMatch1.0.0
OR
didier_ernotteinforssMatch1.1.0.1
OR
didier_ernotteinforssMatch1.1.1
OR
didier_ernotteinforssMatch1.1.2
OR
didier_ernotteinforssMatch1.1.3
OR
didier_ernotteinforssMatch1.1.4
OR
didier_ernotteinforssMatch1.1.4.1
AND
mozillafirefox
VendorProductVersionCPE
didier_ernotteinforss*cpe:2.3:a:didier_ernotte:inforss:*:*:*:*:*:*:*:*
didier_ernotteinforss0.5cpe:2.3:a:didier_ernotte:inforss:0.5:*:*:*:*:*:*:*
didier_ernotteinforss0.7.7cpe:2.3:a:didier_ernotte:inforss:0.7.7:*:*:*:*:*:*:*
didier_ernotteinforss0.8.4cpe:2.3:a:didier_ernotte:inforss:0.8.4:*:*:*:*:*:*:*
didier_ernotteinforss0.8.7cpe:2.3:a:didier_ernotte:inforss:0.8.7:*:*:*:*:*:*:*
didier_ernotteinforss0.8.8.1cpe:2.3:a:didier_ernotte:inforss:0.8.8.1:*:*:*:*:*:*:*
didier_ernotteinforss0.8.8.2cpe:2.3:a:didier_ernotte:inforss:0.8.8.2:*:*:*:*:*:*:*
didier_ernotteinforss0.8.9cpe:2.3:a:didier_ernotte:inforss:0.8.9:*:*:*:*:*:*:*
didier_ernotteinforss0.8.9.1cpe:2.3:a:didier_ernotte:inforss:0.8.9.1:*:*:*:*:*:*:*
didier_ernotteinforss0.8.9.3cpe:2.3:a:didier_ernotte:inforss:0.8.9.3:*:*:*:*:*:*:*
Rows per page:
1-10 of 231

Related

prion 1
cvelist 1
seebug 1
nvd 1
rosalinux 1
prion
prion
Cross site scripting
2009-11-29 13:08:00
cvelist
cvelist
CVE-2009-4101
2009-11-28 11:00:00
seebug
seebug
Firefox infoRSS扩展RSSζΊθ·¨εŸŸθ„šζœ¬ζ‰§θ‘ŒζΌζ΄ž
2009-12-03 00:00:00
nvd
nvd
CVE-2009-4101
2009-11-29 13:08:29
rosalinux
rosalinux
Advisory ROSA-SA-2024-2370
2024-03-12 08:35:15

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

High

EPSS

0.009

Percentile

82.4%

JSON
Related for CVE-2009-4101
prion1cvelist1seebug1nvd1rosalinux1