CVE-2009-3274 — Mozilla Firefox vulnerability

6 documents5 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 65.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedSep 21

Latest updateMay 2

Description

Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages1 packages

▶NVDmozilla/firefox41 versions+40

🔴Vulnerability Details

GHSA

GHSA-r6ww-vw3x-xp48: Mozilla Firefox 3↗2022-05-02

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner regression↗2009-11-11

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2009-10-31

▶

Red Hat

Firefox: Predictable /tmp pathname use↗2009-09-09

▶

💬Community

Bugzilla

CVE-2009-3274 Firefox: Predictable /tmp pathname use↗2009-09-22

▶