CVE-2009-0777 — Improper Input Validation in Mozilla Firefox

CWE-20 — Improper Input Validation CWE-732 — Incorrect Permission Assignment10 documents6 sources

Severity

5.8MEDIUMNVD

EPSS

2.0%

top 16.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedMar 5

Latest updateMay 2

Description

Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages3 packages

▶NVDmozilla/firefox3.0.6+49

▶NVDmozilla/seamonkey1.1.14+23

▶NVDmozilla/thunderbird2.0.0.20+11

🔴Vulnerability Details

GHSA

GHSA-9q9q-525p-x46x: Mozilla Firefox before 3↗2022-05-02

▶

CVEList

CVE-2009-0777: Mozilla Firefox before 3↗2009-03-05

▶

📋Vendor Advisories

Red Hat

dovecot: Insecure permissions set for certain directories at installation time↗2009-11-20

▶

Red Hat

backintime: makes all files world-readable in snapshot when removing it↗2009-08-27

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2009-03-05

▶

Red Hat

Firefox URL spoofing with invisible control characters↗2009-03-04

▶

💬Community

Bugzilla

CVE-2009-0777 Firefox URL spoofing with invisible control characters↗2009-03-03

▶