Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mozillaMozilla FoundationMFSA2009-62
HistoryOct 27, 2009 - 12:00 a.m.

Download filename spoofing with RTL override β€” Mozilla

2009-10-2700:00:00
Mozilla Foundation
www.mozilla.org
23

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.014 Low

EPSS

Percentile

86.6%

JSON

Mozilla security researchers Jesse Ruderman and Sid Stamm reported that when downloading a file containing a right-to-left override character (RTL) in the filename, the name displayed in the dialog title bar conflicts with the name of the file shown in the dialog body. An attacker could use this vulnerability to obfuscate the name and file extension of a file to be downloaded and opened, potentially causing a user to run an executable file when they expected to open a non-executable file.

Affected configurations

Vulners
Node
mozillafirefoxRange<3.0.15
OR
mozillafirefoxRange<3.5.4
OR
mozillaseamonkeyRange<2
CPENameOperatorVersion
firefoxlt3.0.15
firefoxlt3.5.4
seamonkeylt2

Related

prion 1
nvd 1
cvelist 1
seebug 2
veracode 1
securityvulns 2
ubuntucve 1
cve 1
openvas 61
nessus 46
oraclelinux 3
ubuntu 3
centos 4
redhat 4
fedora 42
debian 1
osv 1
freebsd 2
vmware 2
suse 1
gentoo 1
prion
prion
Code injection
2009-10-29 14:30:00
nvd
nvd
CVE-2009-3376
2009-10-29 14:30:00
cvelist
cvelist
CVE-2009-3376
2009-10-29 14:00:00
seebug
seebug
Mozilla Firefox下载文仢名欺ιͺ—ζΌζ΄ž
2009-11-03 00:00:00
Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability
2010-03-19 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2020-04-10 00:36:53
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2009-62
2009-10-28 00:00:00
Mozilla Firefox / Seamonkey multiple security vulnerabilities
2009-11-05 00:00:00
ubuntucve
ubuntucve
CVE-2009-3376
2009-10-29 00:00:00
cve
cve
CVE-2009-3376
2009-10-29 14:30:00
openvas
openvas
Mozilla Seamonkey Multiple Vulnerabilities (Nov 2009) - Linux
2009-11-04 00:00:00
Mozilla Seamonkey Multiple Vulnerabilities Nov-09 (Windows)
2009-11-04 00:00:00
Mozilla Seamonkey Multiple Vulnerabilities Nov-09 (Linux)
2009-11-04 00:00:00
nessus
nessus
SeaMonkey < 2.0 Multiple Vulnerabilities
2009-10-29 00:00:00
Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
2012-08-01 00:00:00
Mozilla Thunderbird < 2.0.0.24 Multiple Vulnerabilities
2010-03-19 00:00:00
oraclelinux
oraclelinux
seamonkey security update
2009-10-28 00:00:00
firefox security update
2009-10-28 00:00:00
thunderbird security update
2010-03-17 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2010-03-18 00:00:00
Firefox and Xulrunner vulnerabilities
2009-10-31 00:00:00
Firefox and Xulrunner regression
2009-11-11 00:00:00
centos
centos
seamonkey security update
2009-10-28 13:15:48
firefox, nspr security update
2009-10-28 13:44:04
thunderbird security update
2010-03-26 20:37:29
redhat
redhat
(RHSA-2009:1531) Critical: seamonkey security update
2009-10-27 00:00:00
(RHSA-2009:1530) Critical: firefox security update
2009-10-27 00:00:00
(RHSA-2010:0153) Moderate: thunderbird security update
2010-03-17 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: ruby-gnome2-0.19.3-3.fc11
2009-10-29 02:59:35
[SECURITY] Fedora 11 Update: seamonkey-1.1.19-1.fc11
2010-04-21 21:53:31
[SECURITY] Fedora 11 Update: blam-1.8.5-15.fc11
2009-10-29 02:59:35
debian
debian
[SECURITY] [DSA 1922-1] New xulrunner packages fix several vulnerabilities
2009-10-28 21:13:30
osv
osv
xulrunner - several vulnerabilities
2009-10-28 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-03-16 00:00:00
mozilla -- multiple vulnerabilities
2009-10-27 00:00:00
vmware
vmware
ESX Service Console and vMA updates for nss and nspr
2010-03-03 00:00:00
ESX Service Console and vMA updates for nss and nspr
2010-03-03 00:00:00
suse
suse
remote code execution in MozillaFirefox
2009-11-04 14:24:35
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.014 Low

EPSS

Percentile

86.6%

JSON
Related for MFSA2009-62
prion1nvd1cvelist1seebug2veracode1securityvulns2ubuntucve1cve1openvas61nessus46oraclelinux3ubuntu3centos4redhat4fedora42debian1osv1freebsd2vmware2suse1gentoo1