Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3076 — Mozilla Firefox vulnerability

6 documents6 sources

Severity

9.3CRITICALNVD

EPSS

17.6%

top 4.90%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mozilla Firefox

Timeline

PublishedSep 10

Latest updateMay 2

Description

Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmozilla/firefox3.0.13+92

🔴Vulnerability Details

GHSA

GHSA-38w6-8hf5-r299: Mozilla Firefox before 3↗2022-05-02

▶

💥Exploits & PoCs

Exploit-DB

Mozilla Firefox < 3.0.14 - Multiplatform Remote Code Execution via pkcs11.addmodule↗2009-09-11

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner vulnerabilities↗2009-09-10

▶

Red Hat

Firefox 3.0.14 Insufficient warning for PKCS11 module installation and removal↗2009-09-09

▶

💬Community

Bugzilla

CVE-2009-3076 Firefox 3.0.14 Insufficient warning for PKCS11 module installation and removal↗2009-09-07

▶