Executive Summary

Information
Name: CVE-2009-3079
First vendor publication: 2009-09-10
Vendor: Cve
Last vendor modification: 2017-09-19

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
Impact SubScore NA Temporal Score NA
Exploitability Sub Score NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Exploit Score 10 Authentication None Required

Detail

Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3079

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10390
 
Oval ID: oval:org.mitre.oval:def:10390
Title: Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.
Description: Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3079
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13029
 
Oval ID: oval:org.mitre.oval:def:13029
Title: USN-821-1 -- firefox-3.0, xulrunner-1.9 vulnerabilities
Description: Several flaws were discovered in the Firefox browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Jesse Ruderman and Dan Kaminsky discovered that Firefox did not adequately inform users when security modules were added or removed via PKCS11. If a user visited a malicious website, an attacker could exploit this to trick the user into installing a malicious PKCS11 module. It was discovered that Firefox did not properly manage memory when using XUL tree elements. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Juan Pablo Lopez Yacubian discovered that Firefox did properly display certain Unicode characters in the location bar and other text fields when using a certain non-Ubuntu font. If a user configured Firefox to use this font, an attacker could exploit this to spoof the location bar, such as in a phishing attack. It was discovered that the BrowserFeedWriter in Firefox could be subverted to run JavaScript code from web content with elevated chrome privileges. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program
Family: unix Class: patch
Reference(s): USN-821-1
CVE-2009-3070
CVE-2009-3071
CVE-2009-3072
CVE-2009-3074
CVE-2009-3075
CVE-2009-3076
CVE-2009-3077
CVE-2009-3078
CVE-2009-3079
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
Product(s): firefox-3.0
xulrunner-1.9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13601
 
Oval ID: oval:org.mitre.oval:def:13601
Title: DSA-1886-1 iceweasel -- several
Description: Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3079 "moz_bug_r_a4" discovered that a programming error in the FeedWriter module could lead to the execution of Javascript code with elevated privileges. CVE-2009-1310 Prateek Saxena discovered a cross-site scripting vulnerability in the MozSearch plugin interface. For the stable distribution, these problems have been fixed in version 3.0.6-3. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the unstable distribution, these problems have been fixed in version 3.0.14-1. For the experimental distribution, these problems have been fixed in version 3.5.3-1. We recommend that you upgrade your iceweasel packages.
Family: unix Class: patch
Reference(s): DSA-1886-1
CVE-2009-1310
CVE-2009-3079
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22775
 
Oval ID: oval:org.mitre.oval:def:22775
Title: ELSA-2009:1430: firefox security update (Critical)
Description: Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.
Family: unix Class: patch
Reference(s): ELSA-2009:1430-01
CVE-2009-2654
CVE-2009-3070
CVE-2009-3071
CVE-2009-3072
CVE-2009-3074
CVE-2009-3075
CVE-2009-3076
CVE-2009-3077
CVE-2009-3078
CVE-2009-3079
Version: 45
Platform(s): Oracle Linux 5
Product(s): firefox
nspr
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29334
 
Oval ID: oval:org.mitre.oval:def:29334
Title: RHSA-2009:1430 -- firefox security update (Critical)
Description: Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime (NSPR).
Family: unix Class: patch
Reference(s): RHSA-2009:1430
CESA-2009:1430-CentOS 5
CVE-2009-2654
CVE-2009-3070
CVE-2009-3071
CVE-2009-3072
CVE-2009-3074
CVE-2009-3075
CVE-2009-3076
CVE-2009-3077
CVE-2009-3078
CVE-2009-3079
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
CentOS Linux 5
Product(s): firefox
nspr
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6250
 
Oval ID: oval:org.mitre.oval:def:6250
Title: Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3 allow remote arbitrary code Vulnerability
Description: Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3079
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8008
 
Oval ID: oval:org.mitre.oval:def:8008
Title: DSA-1886 iceweasel -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: "moz_bug_r_a4" discovered that a programming error in the FeedWriter module could lead to the execution of Javascript code with elevated privileges. Prateek Saxena discovered a cross-site scripting vulnerability in the MozSearch plugin interface.
Family: unix Class: patch
Reference(s): DSA-1886
CVE-2009-1310
CVE-2009-3079
Version: 3
Platform(s): Debian GNU/Linux 5.0
Product(s): iceweasel
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 188

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for firefox CESA-2009:1430 centos4 i386
File : nvt/gb_CESA-2009_1430_firefox_centos4_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2009:1430 centos5 i386
File : nvt/gb_CESA-2009_1430_firefox_centos5_i386.nasl
2009-10-27 Name : SLES10: Security update for Mozilla Firefox
File : nvt/sles10_firefox35upgrad.nasl
2009-10-27 Name : SuSE Security Advisory SUSE-SA:2009:048 (MozillaFirefox)
File : nvt/suse_sa_2009_048.nasl
2009-10-11 Name : SLES11: Security update for Firefox
File : nvt/sles11_MozillaFirefox6.nasl
2009-10-11 Name : SLES11: Security update for Mozilla
File : nvt/sles11_mozilla-xulrunn0.nasl
2009-09-21 Name : Mandrake Security Advisory MDVSA-2009:236 (firefox)
File : nvt/mdksa_2009_236.nasl
2009-09-15 Name : RedHat Security Advisory RHSA-2009:1430
File : nvt/RHSA_2009_1430.nasl
2009-09-15 Name : Debian Security Advisory DSA 1886-1 (iceweasel)
File : nvt/deb_1886_1.nasl
2009-09-15 Name : Fedora Core 10 FEDORA-2009-9494 (epiphany)
File : nvt/fcore_2009_9494.nasl
2009-09-15 Name : Fedora Core 11 FEDORA-2009-9505 (epiphany-extensions)
File : nvt/fcore_2009_9505.nasl
2009-09-15 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox41.nasl
2009-09-15 Name : CentOS Security Advisory CESA-2009:1430 (seamonkey)
File : nvt/ovcesa2009_1430.nasl
2009-09-15 Name : Ubuntu USN-821-1 (xulrunner-1.9)
File : nvt/ubuntu_821_1.nasl
2009-09-11 Name : Mozilla Firefox Multiple Vulnerabilities - Sep09 (Linux)
File : nvt/secpod_firefox_mult_vuln_sep09_lin.nasl
2009-09-11 Name : Mozilla Firefox Multiple Vulnerabilities - Sep09 (Win)
File : nvt/secpod_firefox_mult_vuln_sep09_win.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
57980 Mozilla Firefox FeedWriter Privileged JavaScript Execution

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1430.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090909_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-03-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner190-090922.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_firefox35upgrade-6563.nasl - Type : ACT_GATHER_INFO
2010-03-01 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-6562.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1886.nasl - Type : ACT_GATHER_INFO
2009-10-20 Name : The remote SuSE system is missing the security patch firefox35upgrade-6562
File : suse_firefox35upgrade-6562.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaFirefox-6495.nasl - Type : ACT_GATHER_INFO
2009-10-01 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-090924.nasl - Type : ACT_GATHER_INFO
2009-10-01 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner190-090917.nasl - Type : ACT_GATHER_INFO
2009-09-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-090916.nasl - Type : ACT_GATHER_INFO
2009-09-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-090916.nasl - Type : ACT_GATHER_INFO
2009-09-21 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-236.nasl - Type : ACT_GATHER_INFO
2009-09-14 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-9505.nasl - Type : ACT_GATHER_INFO
2009-09-14 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-9494.nasl - Type : ACT_GATHER_INFO
2009-09-11 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_922d23989e2d11dea9980030843d3802.nasl - Type : ACT_GATHER_INFO
2009-09-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1430.nasl - Type : ACT_GATHER_INFO
2009-09-11 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-821-1.nasl - Type : ACT_GATHER_INFO
2009-09-10 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3014.nasl - Type : ACT_GATHER_INFO
2009-09-10 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_353.nasl - Type : ACT_GATHER_INFO
2009-09-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1430.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://secunia.com/advisories/36671
http://www.securityfocus.com/bid/36343
CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-51.html
https://bugzilla.mozilla.org/show_bug.cgi?id=454363
DEBIAN http://www.debian.org/security/2009/dsa-1886
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://www.redhat.com/support/errata/RHSA-2009-1430.html
SECTRACK http://www.securitytracker.com/id?1022873
SECUNIA http://secunia.com/advisories/36670
http://secunia.com/advisories/36757
http://secunia.com/advisories/37098
SUSE http://www.novell.com/linux/security/advisories/2009_48_firefox.html

Alert History

Date Information
2024-02-10 01:11:02
  • Multiple Updates
2024-02-02 01:11:37
  • Multiple Updates
2024-02-01 12:03:14
  • Multiple Updates
2023-09-05 12:10:52
  • Multiple Updates
2023-09-05 01:03:05
  • Multiple Updates
2023-09-02 12:10:58
  • Multiple Updates
2023-09-02 01:03:07
  • Multiple Updates
2023-08-12 12:12:54
  • Multiple Updates
2023-08-12 01:03:06
  • Multiple Updates
2023-08-11 12:10:59
  • Multiple Updates
2023-08-11 01:03:14
  • Multiple Updates
2023-08-06 12:10:35
  • Multiple Updates
2023-08-06 01:03:08
  • Multiple Updates
2023-08-04 12:10:40
  • Multiple Updates
2023-08-04 01:03:10
  • Multiple Updates
2023-07-14 12:10:38
  • Multiple Updates
2023-07-14 01:03:08
  • Multiple Updates
2023-03-29 01:12:09
  • Multiple Updates
2023-03-28 12:03:14
  • Multiple Updates
2022-10-11 12:09:28
  • Multiple Updates
2022-10-11 01:02:56
  • Multiple Updates
2021-05-04 12:10:05
  • Multiple Updates
2021-04-22 01:10:28
  • Multiple Updates
2020-10-14 01:04:47
  • Multiple Updates
2020-10-03 01:04:46
  • Multiple Updates
2020-05-29 01:04:22
  • Multiple Updates
2020-05-23 01:40:50
  • Multiple Updates
2020-05-23 00:24:17
  • Multiple Updates
2017-11-22 12:03:06
  • Multiple Updates
2017-09-19 09:23:23
  • Multiple Updates
2016-04-26 19:05:19
  • Multiple Updates
2014-02-17 10:51:31
  • Multiple Updates
2013-05-10 23:56:47
  • Multiple Updates