Lucene search
Mozilla FoundationMFSA2009-48HistorySep 09, 2009 - 12:00 a.m.
Insufficient warning for PKCS11 module installation and removal — Mozilla
2009-09-0900:00:00
Mozilla Foundation
www.mozilla.org
22
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
0.906
Percentile
98.8%
Mozilla security researcher Jesse Ruderman reported that when security modules were added or removed via pkcs11.addmodule or pkcs11.deletemodule, the resulting dialog was not sufficiently informative. Without sufficient warning, an attacker could entice a victim to install a malicious PKCS11 module and affect the cryptographic integrity of the victim’s browser.
Affected configurations
Node
mozillafirefoxRange<3.0.14
Related
saint
saint
Mozilla Firefox PKCS11 Module Installation Code Execution
2009-09-24 00:00:00
Mozilla Firefox PKCS11 Module Installation Code Execution
2009-09-24 00:00:00
Mozilla Firefox PKCS11 Module Installation Code Execution
2009-09-24 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox PKCS11 Module Installation Code Execution (CVE-2009-3076)
2010-05-12 00:00:00
cvelist
cvelist
CVE-2009-3076
2009-09-10 21:00:00
ubuntucve
ubuntucve
CVE-2009-3076
2009-09-10 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2009-48
2009-09-10 00:00:00
Mozilla Firefox multiple security vulnerabilities
2009-09-11 00:00:00
veracode
veracode
Unauthorized Installation Or Removal
2020-04-10 00:38:01
cve
cve
CVE-2009-3076
2009-09-10 21:30:01
prion
prion
Code injection
2009-09-10 21:30:00
nvd
nvd
CVE-2009-3076
2009-09-10 21:30:01
openvas
openvas
oraclelinux
oraclelinux
seamonkey security update
2009-09-10 00:00:00
firefox security update
2009-09-10 00:00:00
thunderbird security update
2010-03-17 00:00:00
redhat
redhat
(RHSA-2009:1431) Critical: seamonkey security update
2009-09-09 00:00:00
(RHSA-2009:1432) Critical: seamonkey security update
2009-09-09 00:00:00
(RHSA-2009:1430) Critical: firefox security update
2009-09-09 00:00:00
centos
centos
seamonkey security update
2009-09-10 22:51:03
seamonkey security update
2009-09-10 11:03:30
firefox, nspr, xulrunner security update
2009-09-10 22:47:20
nessus
nessus
CentOS 3 : seamonkey (CESA-2009:1432)
2009-09-11 00:00:00
Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
2012-08-01 00:00:00
RHEL 3 : seamonkey (RHSA-2009:1432)
2009-09-10 00:00:00
osv
osv
xulrunner - several vulnerabilities
2009-09-14 00:00:00
debian
debian
[SECURITY] [DSA 1885-1] New xulrunner packages fix several vulnerabilities
2009-09-14 17:05:35
fedora
fedora
[SECURITY] Fedora 10 Update: Miro-2.0.5-4.fc10
2009-09-11 23:28:07
[SECURITY] Fedora 10 Update: mozvoikko-0.9.5-14.fc10
2009-09-11 23:28:07
[SECURITY] Fedora 10 Update: gnome-web-photo-0.3-22.fc10
2009-09-11 23:28:07
ubuntu
ubuntu
Firefox and Xulrunner vulnerabilities
2009-09-10 00:00:00
freebsd
freebsd
mozilla firefox -- multiple vulnerabilities
2009-09-10 00:00:00
suse
suse
remote code execution in MozillaFirefox
2009-10-20 17:59:46
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
0.906
Percentile
98.8%
Related for MFSA2009-48