CVE-2009-3078 — Improper Input Validation in Mozilla Firefox

CWE-20 — Improper Input Validation5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

1.7%

top 17.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedSep 10

Latest updateMay 2

Description

Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox3.0.13+95

🔴Vulnerability Details

GHSA

GHSA-q948-rp96-c8w7: Visual truncation vulnerability in Mozilla Firefox before 3↗2022-05-02

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner vulnerabilities↗2009-09-10

▶

Red Hat

Firefox 3.5.3 3.0.14 Location bar spoofing via tall line-height Unicode characters↗2009-09-09

▶

💬Community

Bugzilla

CVE-2009-3078 Firefox 3.5.3 3.0.14 Location bar spoofing via tall line-height Unicode characters↗2009-09-07

▶