CVE-2009-3007 — Flock vulnerability

5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 51.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Flock Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedAug 28

Latest updateMay 2

Description

Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDmozilla/firefox3.5.1

▶NVDmozilla/seamonkey1.1.7

▶NVDflock/flock2.5.1

🔴Vulnerability Details

GHSA

GHSA-p7fh-hvqc-m963: Mozilla Firefox 3↗2022-05-02

▶

CVEList

CVE-2009-3007: Mozilla Firefox 3↗2009-08-28

▶

📋Vendor Advisories

Red Hat

seamonkey: local fake url/file same origin spoof↗2009-08-15

▶

💬Community

Bugzilla

CVE-2009-3007 seamonkey: local fake url/file same origin spoof↗2009-08-28

▶