Lucene search

[email protected]NVD:CVE-2009-0652

HistoryFeb 20, 2009 - 7:30 p.m.

CVE-2009-0652

2009-02-2019:30:00

[email protected]

web.nvd.nist.gov

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

AI Score

6.4

Confidence

High

EPSS

0.939

Percentile

99.2%

JSON

The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.

Affected configurations

Nvd

Node

mozillafirefoxRange≤3.0.6

mozillafirefoxMatch1.0

mozillafirefoxMatch1.0.1

mozillafirefoxMatch1.0.2

mozillafirefoxMatch1.0.3

mozillafirefoxMatch1.0.4

mozillafirefoxMatch1.0.5

mozillafirefoxMatch1.0.6

mozillafirefoxMatch1.0.7

mozillafirefoxMatch1.0.8

mozillafirefoxMatch1.5

mozillafirefoxMatch1.5.0.1

mozillafirefoxMatch1.5.0.2

mozillafirefoxMatch1.5.0.3

mozillafirefoxMatch1.5.0.4

mozillafirefoxMatch1.5.0.5

mozillafirefoxMatch1.5.0.6

mozillafirefoxMatch1.5.0.7

mozillafirefoxMatch1.5.0.8

mozillafirefoxMatch1.5.0.9

mozillafirefoxMatch1.5.0.10

mozillafirefoxMatch1.5.0.11

mozillafirefoxMatch1.5.0.12

mozillafirefoxMatch2.0

mozillafirefoxMatch2.0.0.1

mozillafirefoxMatch2.0.0.2

mozillafirefoxMatch2.0.0.3

mozillafirefoxMatch2.0.0.4

mozillafirefoxMatch2.0.0.5

mozillafirefoxMatch2.0.0.6

mozillafirefoxMatch2.0.0.7

mozillafirefoxMatch2.0.0.8

mozillafirefoxMatch2.0.0.9

mozillafirefoxMatch2.0.0.10

mozillafirefoxMatch2.0.0.11

mozillafirefoxMatch2.0.0.12

mozillafirefoxMatch2.0.0.13

mozillafirefoxMatch2.0.0.14

mozillafirefoxMatch2.0.0.15

mozillafirefoxMatch2.0.0.16

mozillafirefoxMatch2.0.0.17

mozillafirefoxMatch2.0.0.18

mozillafirefoxMatch2.0.0.19

mozillafirefoxMatch2.0.0.20

mozillafirefoxMatch3.0

mozillafirefoxMatch3.0.1

mozillafirefoxMatch3.0.2

mozillafirefoxMatch3.0.3

mozillafirefoxMatch3.0.4

mozillafirefoxMatch3.0.5

mozillaseamonkeyRange≤1.1.14

mozillaseamonkeyMatch1.0

mozillaseamonkeyMatch1.0.1

mozillaseamonkeyMatch1.0.2

mozillaseamonkeyMatch1.0.3

mozillaseamonkeyMatch1.0.5

mozillaseamonkeyMatch1.0.6

mozillaseamonkeyMatch1.0.7

mozillaseamonkeyMatch1.0.8

mozillaseamonkeyMatch1.0.9

mozillaseamonkeyMatch1.1

mozillaseamonkeyMatch1.1alpha

mozillaseamonkeyMatch1.1beta

mozillaseamonkeyMatch1.1.1

mozillaseamonkeyMatch1.1.2

mozillaseamonkeyMatch1.1.3

mozillaseamonkeyMatch1.1.4

mozillaseamonkeyMatch1.1.5

mozillaseamonkeyMatch1.1.6

mozillaseamonkeyMatch1.1.7

mozillaseamonkeyMatch1.1.8

mozillaseamonkeyMatch1.1.9

mozillaseamonkeyMatch1.1.10

mozillaseamonkeyMatch1.1.11

mozillaseamonkeyMatch1.1.12

mozillaseamonkeyMatch1.1.13

mozillathunderbirdRange≤2.0.0.20

mozillathunderbirdMatch2.0.0.0

mozillathunderbirdMatch2.0.0.4

mozillathunderbirdMatch2.0.0.5

mozillathunderbirdMatch2.0.0.6

mozillathunderbirdMatch2.0.0.9

mozillathunderbirdMatch2.0.0.12

mozillathunderbirdMatch2.0.0.14

mozillathunderbirdMatch2.0.0.16

mozillathunderbirdMatch2.0.0.17

mozillathunderbirdMatch2.0.0.18

mozillathunderbirdMatch2.0.0.19

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox1.0cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
mozillafirefox1.0.1cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
mozillafirefox1.0.2cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
mozillafirefox1.0.3cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
mozillafirefox1.0.4cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
mozillafirefox1.0.5cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
mozillafirefox1.0.6cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
mozillafirefox1.0.7cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
mozillafirefox1.0.8cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	1.0	cpe:2.3:a:mozilla:firefox:1.0:::::::*
mozilla	firefox	1.0.1	cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
mozilla	firefox	1.0.2	cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
mozilla	firefox	1.0.3	cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
mozilla	firefox	1.0.4	cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
mozilla	firefox	1.0.5	cpe:2.3:a:mozilla:firefox:1.0.5:::::::*
mozilla	firefox	1.0.6	cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
mozilla	firefox	1.0.7	cpe:2.3:a:mozilla:firefox:1.0.7:::::::*
mozilla	firefox	1.0.8	cpe:2.3:a:mozilla:firefox:1.0.8:::::::*