Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2009-3078 | First vendor Publication | 2009-09-10 |
| Vendor | Cve | Last vendor Modification | 2017-09-19 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3078 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10871 | |||
| Oval ID: | oval:org.mitre.oval:def:10871 | ||
| Title: | Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property. | ||
| Description: | Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3078 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13610 | |||
| Oval ID: | oval:org.mitre.oval:def:13610 | ||
| Title: | DSA-1885-1 xulrunner -- several | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3070 Jesse Ruderman discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3071 Daniel Holbert, Jesse Ruderman, Olli Pettay and "toshi" discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3072 Josh Soref, Jesse Ruderman and Martin Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3074 Jesse Ruderman discovered a crash in the Javascript engine, which might allow the execution of arbitrary code. CVE-2009-3075 Carsten Book and "Taral" discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3076 Jesse Ruderman discovered that the user interface for installing/ removing PCKS #11 securiy modules wasn’t informative enough, which might allow social engineering attacks. CVE-2009-3077 It was discovered that incorrect pointer handling in the XUL parser could lead to the execution of arbitrary code. CVE-2009-3078 Juan Pablo Lopez Yacubian discovered that incorrent rendering of some Unicode font characters could lead to spoofing attacks on the location bar. For the stable distribution, these problems have been fixed in version 1.9.0.14-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the unstable distribution, these problems have been fixed in version 1.9.0.14-1. For the experimental distribution, these problems have been fixed in version 1.9.1.3-1. We recommend that you upgrade your xulrunner package. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1885-1 CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3074 CVE-2009-3075 CVE-2009-3076 CVE-2009-3077 CVE-2009-3078 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5418 | |||
| Oval ID: | oval:org.mitre.oval:def:5418 | ||
| Title: | Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3 allow Visual truncation vulnerability | ||
| Description: | Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3078 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7766 | |||
| Oval ID: | oval:org.mitre.oval:def:7766 | ||
| Title: | DSA-1885 xulrunner -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Jesse Ruderman discovered crashes in the layout engine, which might allow the execution of arbitrary code. Daniel Holbert, Jesse Ruderman, Olli Pettay and "toshi" discovered crashes in the layout engine, which might allow the execution of arbitrary code. Josh Soref, Jesse Ruderman and Martin Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman discovered a crash in the Javascript engine, which might allow the execution of arbitrary code. Carsten Book and "Taral" discovered crashes in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman discovered that the user interface for installing/ removing PCKS #11 securiy modules wasn't informative enough, which might allow social engineering attacks. It was discovered that incorrect pointer handling in the XUL parser could lead to the execution of arbitrary code. Juan Pablo Lopez Yacubian discovered that incorrent rendering of some Unicode font characters could lead to spoofing attacks on the location bar. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1885 CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3074 CVE-2009-3075 CVE-2009-3076 CVE-2009-3077 CVE-2009-3078 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-08-09 | Name : CentOS Update for firefox CESA-2009:1430 centos4 i386 File : nvt/gb_CESA-2009_1430_firefox_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2009:1430 centos5 i386 File : nvt/gb_CESA-2009_1430_firefox_centos5_i386.nasl |
| 2009-10-27 | Name : SLES10: Security update for Mozilla Firefox File : nvt/sles10_firefox35upgrad.nasl |
| 2009-10-27 | Name : SuSE Security Advisory SUSE-SA:2009:048 (MozillaFirefox) File : nvt/suse_sa_2009_048.nasl |
| 2009-10-11 | Name : SLES11: Security update for Firefox File : nvt/sles11_MozillaFirefox6.nasl |
| 2009-10-11 | Name : SLES11: Security update for Mozilla File : nvt/sles11_mozilla-xulrunn0.nasl |
| 2009-09-21 | Name : Mandrake Security Advisory MDVSA-2009:236 (firefox) File : nvt/mdksa_2009_236.nasl |
| 2009-09-15 | Name : RedHat Security Advisory RHSA-2009:1430 File : nvt/RHSA_2009_1430.nasl |
| 2009-09-15 | Name : Debian Security Advisory DSA 1885-1 (xulrunner) File : nvt/deb_1885_1.nasl |
| 2009-09-15 | Name : Fedora Core 10 FEDORA-2009-9494 (epiphany) File : nvt/fcore_2009_9494.nasl |
| 2009-09-15 | Name : Fedora Core 11 FEDORA-2009-9505 (epiphany-extensions) File : nvt/fcore_2009_9505.nasl |
| 2009-09-15 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox41.nasl |
| 2009-09-15 | Name : CentOS Security Advisory CESA-2009:1430 (seamonkey) File : nvt/ovcesa2009_1430.nasl |
| 2009-09-15 | Name : Ubuntu USN-821-1 (xulrunner-1.9) File : nvt/ubuntu_821_1.nasl |
| 2009-09-11 | Name : Mozilla Firefox Multiple Vulnerabilities - Sep09 (Linux) File : nvt/secpod_firefox_mult_vuln_sep09_lin.nasl |
| 2009-09-11 | Name : Mozilla Firefox Multiple Vulnerabilities - Sep09 (Win) File : nvt/secpod_firefox_mult_vuln_sep09_win.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 57979 | Mozilla Firefox Tall Line-height Unicode Character Handling Address Bar Spoofing |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1430.nasl - Type : ACT_GATHER_INFO |
| 2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090909_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2011-03-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-090922.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox35upgrade-6563.nasl - Type : ACT_GATHER_INFO |
| 2010-03-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6562.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1885.nasl - Type : ACT_GATHER_INFO |
| 2009-10-20 | Name : The remote SuSE system is missing the security patch firefox35upgrade-6562 File : suse_firefox35upgrade-6562.nasl - Type : ACT_GATHER_INFO |
| 2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-6495.nasl - Type : ACT_GATHER_INFO |
| 2009-10-01 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090924.nasl - Type : ACT_GATHER_INFO |
| 2009-10-01 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-090917.nasl - Type : ACT_GATHER_INFO |
| 2009-09-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090916.nasl - Type : ACT_GATHER_INFO |
| 2009-09-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090916.nasl - Type : ACT_GATHER_INFO |
| 2009-09-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-236.nasl - Type : ACT_GATHER_INFO |
| 2009-09-14 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-9505.nasl - Type : ACT_GATHER_INFO |
| 2009-09-14 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-9494.nasl - Type : ACT_GATHER_INFO |
| 2009-09-11 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_922d23989e2d11dea9980030843d3802.nasl - Type : ACT_GATHER_INFO |
| 2009-09-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1430.nasl - Type : ACT_GATHER_INFO |
| 2009-09-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-821-1.nasl - Type : ACT_GATHER_INFO |
| 2009-09-10 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3014.nasl - Type : ACT_GATHER_INFO |
| 2009-09-10 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_353.nasl - Type : ACT_GATHER_INFO |
| 2009-09-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1430.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-02-10 01:11:02 |
|
| 2024-02-02 01:11:37 |
|
| 2024-02-01 12:03:14 |
|
| 2023-09-05 12:10:52 |
|
| 2023-09-05 01:03:05 |
|
| 2023-09-02 12:10:58 |
|
| 2023-09-02 01:03:07 |
|
| 2023-08-12 12:12:54 |
|
| 2023-08-12 01:03:06 |
|
| 2023-08-11 12:10:59 |
|
| 2023-08-11 01:03:14 |
|
| 2023-08-06 12:10:35 |
|
| 2023-08-06 01:03:08 |
|
| 2023-08-04 12:10:40 |
|
| 2023-08-04 01:03:10 |
|
| 2023-07-14 12:10:37 |
|
| 2023-07-14 01:03:08 |
|
| 2023-03-29 01:12:09 |
|
| 2023-03-28 12:03:14 |
|
| 2022-10-11 12:09:28 |
|
| 2022-10-11 01:02:56 |
|
| 2021-05-04 12:10:05 |
|
| 2021-04-22 01:10:27 |
|
| 2020-10-14 01:04:47 |
|
| 2020-10-03 01:04:46 |
|
| 2020-05-29 01:04:21 |
|
| 2020-05-23 01:40:50 |
|
| 2020-05-23 00:24:17 |
|
| 2017-11-22 12:03:06 |
|
| 2017-09-19 09:23:23 |
|
| 2016-04-26 19:05:19 |
|
| 2014-02-17 10:51:31 |
|
| 2013-05-10 23:56:46 |
|
