CVE-2009-0777

EUVD-2009-0777
Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
𝑥
≤ 3.0.6
mozillafirefox
1.0
mozillafirefox
1.0.1
mozillafirefox
1.0.2
mozillafirefox
1.0.3
mozillafirefox
1.0.4
mozillafirefox
1.0.5
mozillafirefox
1.0.6
mozillafirefox
1.0.7
mozillafirefox
1.0.8
mozillafirefox
1.5
mozillafirefox
1.5.0.1
mozillafirefox
1.5.0.2
mozillafirefox
1.5.0.3
mozillafirefox
1.5.0.4
mozillafirefox
1.5.0.5
mozillafirefox
1.5.0.6
mozillafirefox
1.5.0.7
mozillafirefox
1.5.0.8
mozillafirefox
1.5.0.9
mozillafirefox
1.5.0.10
mozillafirefox
1.5.0.11
mozillafirefox
1.5.0.12
mozillafirefox
2.0
mozillafirefox
2.0.0.1
mozillafirefox
2.0.0.2
mozillafirefox
2.0.0.3
mozillafirefox
2.0.0.4
mozillafirefox
2.0.0.5
mozillafirefox
2.0.0.6
mozillafirefox
2.0.0.7
mozillafirefox
2.0.0.8
mozillafirefox
2.0.0.9
mozillafirefox
2.0.0.10
mozillafirefox
2.0.0.11
mozillafirefox
2.0.0.12
mozillafirefox
2.0.0.13
mozillafirefox
2.0.0.14
mozillafirefox
2.0.0.15
mozillafirefox
2.0.0.16
mozillafirefox
2.0.0.17
mozillafirefox
2.0.0.18
mozillafirefox
2.0.0.19
mozillafirefox
2.0.0.20
mozillafirefox
3.0
mozillafirefox
3.0.1
mozillafirefox
3.0.2
mozillafirefox
3.0.3
mozillafirefox
3.0.4
mozillafirefox
3.0.5
mozillaseamonkey
𝑥
≤ 1.1.14
mozillaseamonkey
1.0
mozillaseamonkey
1.0.1
mozillaseamonkey
1.0.2
mozillaseamonkey
1.0.3
mozillaseamonkey
1.0.5
mozillaseamonkey
1.0.6
mozillaseamonkey
1.0.7
mozillaseamonkey
1.0.8
mozillaseamonkey
1.0.9
mozillaseamonkey
1.1
mozillaseamonkey
1.1:alpha
mozillaseamonkey
1.1:beta
mozillaseamonkey
1.1.1
mozillaseamonkey
1.1.2
mozillaseamonkey
1.1.3
mozillaseamonkey
1.1.4
mozillaseamonkey
1.1.5
mozillaseamonkey
1.1.6
mozillaseamonkey
1.1.7
mozillaseamonkey
1.1.8
mozillaseamonkey
1.1.9
mozillaseamonkey
1.1.10
mozillaseamonkey
1.1.11
mozillaseamonkey
1.1.12
mozillaseamonkey
1.1.13
mozillathunderbird
𝑥
≤ 2.0.0.20
mozillathunderbird
2.0.0.0
mozillathunderbird
2.0.0.4
mozillathunderbird
2.0.0.5
mozillathunderbird
2.0.0.6
mozillathunderbird
2.0.0.9
mozillathunderbird
2.0.0.12
mozillathunderbird
2.0.0.14
mozillathunderbird
2.0.0.16
mozillathunderbird
2.0.0.17
mozillathunderbird
2.0.0.18
mozillathunderbird
2.0.0.19
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
dapper
not-affected
gutsy
not-affected
hardy
not-affected
intrepid
dne
jaunty
dne
firefox-3.0
dapper
dne
gutsy
ignored
hardy
Fixed 3.0.7+nobinonly-0ubuntu0.8.04.1
released
intrepid
Fixed 3.0.7+nobinonly-0ubuntu0.8.10.1
released
jaunty
Fixed 3.0.7+nobinonly-0ubuntu1
released
firefox-3.5
dapper
dne
gutsy
dne
hardy
dne
intrepid
dne
jaunty
Fixed 3.5+nobinonly-0ubuntu0.9.04.1
released
iceape
dapper
dne
gutsy
not-affected
hardy
dne
intrepid
dne
jaunty
dne
iceweasel
dapper
dne
gutsy
dne
hardy
dne
intrepid
dne
jaunty
dne
seamonkey
dapper
dne
gutsy
dne
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
xulrunner
dapper
dne
gutsy
not-affected
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
xulrunner-1.9
dapper
dne
gutsy
ignored
hardy
Fixed 1.9.0.7+nobinonly-0ubuntu0.8.04.1
released
intrepid
Fixed 1.9.0.7+nobinonly-0ubuntu0.8.10.1
released
jaunty
Fixed 1.9.0.7+nobinonly-0ubuntu1
released
xulrunner-1.9.1
dapper
dne
gutsy
dne
hardy
dne
intrepid
dne
jaunty
Fixed 1.9.1+nobinonly-0ubuntu0.9.04.1
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html
http://secunia.com/advisories/34140
http://secunia.com/advisories/34145
http://secunia.com/advisories/34272
http://securitytracker.com/alerts/2009/Mar/1021799.html
http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm
http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document
http://www.mandriva.com/security/advisories?name=MDVSA-2009:075
http://www.mozilla.org/security/announce/2009/mfsa2009-11.html
http://www.redhat.com/support/errata/RHSA-2009-0315.html
http://www.securityfocus.com/bid/33990
http://www.vupen.com/english/advisories/2009/0632
https://bugzilla.mozilla.org/show_bug.cgi?id=452979
https://exchange.xforce.ibmcloud.com/vulnerabilities/49087
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11222
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6157
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6229
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7435
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html
http://secunia.com/advisories/34140
http://secunia.com/advisories/34145
http://secunia.com/advisories/34272
http://securitytracker.com/alerts/2009/Mar/1021799.html
http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm
http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document
http://www.mandriva.com/security/advisories?name=MDVSA-2009:075
http://www.mozilla.org/security/announce/2009/mfsa2009-11.html
http://www.redhat.com/support/errata/RHSA-2009-0315.html
http://www.securityfocus.com/bid/33990
http://www.vupen.com/english/advisories/2009/0632
https://bugzilla.mozilla.org/show_bug.cgi?id=452979
https://exchange.xforce.ibmcloud.com/vulnerabilities/49087
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11222
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6157
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6229
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7435