CVE-2009-3370 — Mozilla Firefox vulnerability

7 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 31.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedOct 29

Latest updateMay 2

Description

Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox18 versions+17

🔴Vulnerability Details

GHSA

GHSA-m9x4-cr95-4r8p: Mozilla Firefox before 3↗2022-05-02

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner regression↗2009-11-11

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2009-10-31

▶

Red Hat

Firefox form history vulnerable to stealing↗2009-10-27

▶

💬Community

Bugzilla

CVE-2009-3379 libvorbis: security fixes mentioned in MFSA 2009-63↗2009-10-29

▶

Bugzilla

CVE-2009-3370 Firefox form history vulnerable to stealing↗2009-10-21

▶