CVE-2009-3079 — Code Injection in Mozilla Firefox

CWE-94 — Code Injection5 documents5 sources

Severity

10.0CRITICALNVD

EPSS

1.5%

top 18.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedSep 10

Latest updateMay 2

Description

Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDmozilla/firefox3.0.13+95

🔴Vulnerability Details

GHSA

GHSA-pgvx-j63m-jjgr: Unspecified vulnerability in Mozilla Firefox before 3↗2022-05-02

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner vulnerabilities↗2009-09-10

▶

Red Hat

Firefox 3.5.3 3.0.14 Chrome privilege escalation with FeedWriter↗2009-09-09

▶

💬Community

Bugzilla

CVE-2009-3079 Firefox 3.5.3 3.0.14 Chrome privilege escalation with FeedWriter↗2009-09-07

▶