Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2009-2472
Analyzed
More InfoOfficial Page
Source-secalert@redhat.com
View Known Exploited Vulnerability (KEV) details
Published At-22 Jul, 2009 | 18:30
Updated At-29 Jul, 2021 | 13:46

Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
Mozilla Corporation
mozilla
>>firefox>>Versions before 3.0.12(exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>10
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_debuginfo>>10
cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp2:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_debuginfo>>11
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:-:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>11.0
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>11.1
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_desktop>>10
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_desktop>>11
cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_server>>10
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_server>>11
cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2009-1162.htmlsecalert@redhat.com
Broken Link
http://secunia.com/advisories/35914secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/35944secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/36005secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/36145secalert@redhat.com
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1secalert@redhat.com
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1secalert@redhat.com
Broken Link
http://www.mozilla.org/security/announce/2009/mfsa2009-40.htmlsecalert@redhat.com
Patch
Vendor Advisory
http://www.securityfocus.com/bid/35758secalert@redhat.com
Patch
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2009/1972secalert@redhat.com
Patch
Third Party Advisory
http://www.vupen.com/english/advisories/2009/2152secalert@redhat.com
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=479288secalert@redhat.com
Issue Tracking
Patch
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=481434secalert@redhat.com
Issue Tracking
Patch
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=497102secalert@redhat.com
Issue Tracking
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9497secalert@redhat.com
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.htmlsecalert@redhat.com
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2009-1162.html
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35914
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35944
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/36005
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/36145
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://www.mozilla.org/security/announce/2009/mfsa2009-40.html
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/35758
Source: secalert@redhat.com
Resource:
Patch
Third Party Advisory
VDB Entry
Hyperlink: http://www.vupen.com/english/advisories/2009/1972
Source: secalert@redhat.com
Resource:
Patch
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2009/2152
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=479288
Source: secalert@redhat.com
Resource:
Issue Tracking
Patch
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=481434
Source: secalert@redhat.com
Resource:
Issue Tracking
Patch
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=497102
Source: secalert@redhat.com
Resource:
Issue Tracking
Patch
Vendor Advisory
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9497
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Change History
0Changes found
Details not found