Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0253 — Mozilla Firefox vulnerability

5 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

3.9%

top 11.75%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mozilla Firefox

Timeline

PublishedJan 22

Latest updateMay 2

Description

Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Status Bar Obfuscation" and "Clickjacking" attack.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDmozilla/firefox3.0.5

🔴Vulnerability Details

GHSA

GHSA-46q2-jwmx-26gx: Mozilla Firefox 3↗2022-05-02

▶

💥Exploits & PoCs

Exploit-DB

Mozilla Firefox 3.0.5 - Status Bar Obfuscation / Clickjacking↗2009-01-21

▶

📋Vendor Advisories

Red Hat

mozilla: status bar obfuscation↗2009-01-21

▶

💬Community

Bugzilla

CVE-2009-0253 mozilla: status bar obfuscation↗2009-01-23

▶