Executive Summary

Information
Name : CVE-2009-2665
Vendor : Cve
First vendor Publication : 2009-08-04
Last vendor Modification : 2009-09-04

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability Sub Score : NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score : 10
Cvss Impact Score : 10
Cvss Exploit Score : 10
Attack Range : Network
Attack Complexity : Low
Authentication : None Required

Detail

The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted web page, related to an incorrect security wrapper.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2665

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-94 Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

Type Description Count
Application 3

OpenVAS Exploits

Date Description
2009-08-17 Name : Fedora Core 11 FEDORA-2009-8279 (xulrunner)
File : nvt/fcore_2009_8279.nasl
2009-08-17 Name : Fedora Core 10 FEDORA-2009-8288 (perl-Gtk2-MozEmbed)
File : nvt/fcore_2009_8288.nasl
2009-08-07 Name : Mozilla Firefox Chrome Privilege Escalation Vulnerability Aug-09 (Linux)
File : nvt/gb_firefox_chrome_priv_esc_vuln_aug09_lin.nasl
2009-08-07 Name : Mozilla Firefox Chrome Privilege Escalation Vulnerability Aug-09 (Win)
File : nvt/gb_firefox_chrome_priv_esc_vuln_aug09_win.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
56718 Mozilla Firefox content/base/src/nsDocument.cpp Add-on Handling Cached Securi...

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1430.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2009-09-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1430.nasl - Type : ACT_GATHER_INFO
2009-09-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1430.nasl - Type : ACT_GATHER_INFO
2009-08-05 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-8279.nasl - Type : ACT_GATHER_INFO
2009-08-05 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-8288.nasl - Type : ACT_GATHER_INFO
2009-08-04 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_352.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/35928
CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-46.html
https://bugzilla.mozilla.org/show_bug.cgi?id=498897
FEDORA https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00198....
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00261....
SECUNIA http://secunia.com/advisories/36126
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1
VUPEN http://www.vupen.com/english/advisories/2009/2142

Alert History

Date Information
2021-05-04 12:09:52
  • Multiple Updates
2021-04-22 01:10:14
  • Multiple Updates
2020-05-23 00:24:06
  • Multiple Updates
2016-04-26 19:00:38
  • Multiple Updates
2014-02-17 10:51:00
  • Multiple Updates
2013-05-10 23:54:45
  • Multiple Updates