CVE-2009-3076
Published 2009-09-10
Priority: P346 · critical · CVSS 2.0: 9.3
CVSS vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 6.72% (93.1th percentile)
Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.
Affected
93 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | <= 3.0.13 | — |
CVSS provenance
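| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vendor_ubuntu | — | 10.0 | CRITICAL | — |
| vendor_redhat | — | 9.3 | CRITICAL | — |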
Ubuntu
Firefox and Xulrunner vulnerabilities
vendor_ubuntu · 2009-09-10 · CVSS 10.0
CVE-2009-3070 [CRITICAL] Firefox and Xulrunner vulnerabilities
Several flaws were discovered in the Firefox browser and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2009-3070,
CVE-2009-3071, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075)
Jesse Ruderman and Dan Kaminsky discovered that Firefox did not adequately
inform users when security modules were added or removed via PKCS11. If
a user visited a malicious website, an attacker could exploit this to
trick the user into installing a malicious PKCS11 module. (CVE-2009-3076)
It was discovered that Firefox did not properly manage memory wh
Red Hat
Firefox 3.0.14 Insufficient warning for PKCS11 module installation and removal
vendor_redhat · 2009-09-09 · CVSS 9.3
CVE-2009-3076 [CRITICAL] Firefox 3.0.14 Insufficient warning for PKCS11 module installation and removal
Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.
GHSA
GHSA-38w6-8hf5-r299: Mozilla Firefox before 3
ghsa_unreviewed · 2022-05-02
CVE-2009-3076 [HIGH] GHSA-38w6-8hf5-r299: Mozilla Firefox before 3
Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.
No detection rules found.
References
http://secunia.com/advisories/36669
http://secunia.com/advisories/36670
http://secunia.com/advisories/36671
http://secunia.com/advisories/36692
http://secunia.com/advisories/37098
http://www.debian.org/security/2009/dsa-1885
http://www.mozilla.org/security/announce/2009/mfsa2009-48.html
http://www.novell.com/linux/security/advisories/2009_48_firefox.html
http://www.redhat.com/support/errata/RHSA-2009-1430.html
http://www.redhat.com/support/errata/RHSA-2009-1431.html
http://www.redhat.com/support/errata/RHSA-2009-1432.html
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.redhat.com/support/errata/RHSA-2010-0154.html
http://www.securityfocus.com/bid/36343
http://www.securitytracker.com/id?1022877
http://www.vupen.com/english/advisories/2010/0650
https://bugzilla.mozilla.org/show_bug.cgi?id=326628
https://bugzilla.mozilla.org/show_bug.cgi?id=509413
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6140
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9306