CVE-2009-0354 — Cross-site Scripting in Mozilla Firefox

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

2.6LOWNVD

EPSS

0.8%

top 26.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedFeb 4

Latest updateMay 2

Description

Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox6 versions+5

🔴Vulnerability Details

GHSA

GHSA-f7gf-49mv-q3m5: Cross-domain vulnerability in js/src/jsobj↗2022-05-02

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner vulnerabilities↗2009-02-10

▶

Red Hat

Firefox XSS using a chrome XBL method and window.eval↗2009-02-03

▶

💬Community

Bugzilla

CVE-2009-0354 Firefox XSS using a chrome XBL method and window.eval↗2009-01-29

▶