CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
96.8%
Mozilla Foundation reports:
MFSA 2009-22: Firefox allows Refresh header to redirect to
javascript: URIs
MFSA 2009-21: POST data sent to wrong site when saving web page
with embedded frame
MFSA 2009-20: Malicious search plugins can inject code into
arbitrary sites
MFSA 2009-19: Same-origin violations in XMLHttpRequest and
XPCNativeWrapper.toString
MFSA 2009-18: XSS hazard using third-party stylesheets and XBL
bindings
MFSA 2009-17: Same-origin violations when Adobe Flash loaded via
view-source: scheme
MFSA 2009-16: jar: scheme ignores the content-disposition: header
on the inner URI
MFSA 2009-15: URL spoofing with box drawing character
MFSA 2009-14 Crashes with evidence of memory corruption
(rv:1.9.0.9)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | firefox | < 2.0.0.20_7,1 | UNKNOWN |
FreeBSD | any | noarch | linux-firefox | < 3.0.9 | UNKNOWN |
FreeBSD | any | noarch | linux-firefox-devel | < 3.0.9 | UNKNOWN |
FreeBSD | any | noarch | seamonkey | < 1.1.17 | UNKNOWN |
FreeBSD | any | noarch | linux-seamonkey | < 1.1.17 | UNKNOWN |
FreeBSD | any | noarch | thunderbird | < 2.0.0.22 | UNKNOWN |
FreeBSD | any | noarch | linux-thunderbird | < 2.0.0.22 | UNKNOWN |
www.mozilla.org/security/announce/2009/mfsa2009-14.html
www.mozilla.org/security/announce/2009/mfsa2009-15.html
www.mozilla.org/security/announce/2009/mfsa2009-16.html
www.mozilla.org/security/announce/2009/mfsa2009-17.html
www.mozilla.org/security/announce/2009/mfsa2009-18.html
www.mozilla.org/security/announce/2009/mfsa2009-19.html
www.mozilla.org/security/announce/2009/mfsa2009-20.html
www.mozilla.org/security/announce/2009/mfsa2009-21.html
www.mozilla.org/security/announce/2009/mfsa2009-22.html