CVE-2009-0652 : Detail

CVE-2009-0652

2.13%V4
Network
2009-02-20
19h00 +00:00
2024-08-07
04h40 +00:00
CVE.org
NVD
Meldingen voor een CVE
Blijf op de hoogte van wijzigingen voor een specifieke CVE.
Meldingen beheren

CVE-beschrijvingen

The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.

CVE-informatie

Metriek

Metriek Score Ernst CVSS Vector Source
V2 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P nvd@nist.gov

EPSS

EPSS is een scoremodel dat de kans voorspelt dat een kwetsbaarheid wordt uitgebuit.

EPSS-score

Het EPSS-model produceert een kans score tussen 0 en 1 (0 en 100%). Hoe hoger de score, hoe groter de kans dat een kwetsbaarheid wordt uitgebuit.

EPSS-percentiel

Het percentiel wordt gebruikt om CVE's te rangschikken op basis van hun EPSS-score. Een CVE in het 95e percentiel heeft bijvoorbeeld een grotere kans om te worden uitgebuit dan 95% van de andere CVE's. Het percentiel wordt dus gebruikt om de EPSS-score van een CVE te vergelijken met die van andere CVE's.
EPSS First.org

Products Mentioned

Configuraton 0

Mozilla>>Firefox >> Version To (including) 3.0.6

Mozilla>>Firefox >> Version 1.0

Mozilla>>Firefox >> Version 1.0.1

Mozilla>>Firefox >> Version 1.0.2

Mozilla>>Firefox >> Version 1.0.3

Mozilla>>Firefox >> Version 1.0.4

Mozilla>>Firefox >> Version 1.0.5

Mozilla>>Firefox >> Version 1.0.6

Mozilla>>Firefox >> Version 1.0.7

Mozilla>>Firefox >> Version 1.0.8

Mozilla>>Firefox >> Version 1.5

Mozilla>>Firefox >> Version 1.5.0.1

Mozilla>>Firefox >> Version 1.5.0.2

Mozilla>>Firefox >> Version 1.5.0.3

Mozilla>>Firefox >> Version 1.5.0.4

Mozilla>>Firefox >> Version 1.5.0.5

Mozilla>>Firefox >> Version 1.5.0.6

Mozilla>>Firefox >> Version 1.5.0.7

Mozilla>>Firefox >> Version 1.5.0.8

Mozilla>>Firefox >> Version 1.5.0.9

Mozilla>>Firefox >> Version 1.5.0.10

Mozilla>>Firefox >> Version 1.5.0.11

Mozilla>>Firefox >> Version 1.5.0.12

Mozilla>>Firefox >> Version 2.0

Mozilla>>Firefox >> Version 2.0.0.1

Mozilla>>Firefox >> Version 2.0.0.2

Mozilla>>Firefox >> Version 2.0.0.3

Mozilla>>Firefox >> Version 2.0.0.4

Mozilla>>Firefox >> Version 2.0.0.5

Mozilla>>Firefox >> Version 2.0.0.6

Mozilla>>Firefox >> Version 2.0.0.7

Mozilla>>Firefox >> Version 2.0.0.8

Mozilla>>Firefox >> Version 2.0.0.9

Mozilla>>Firefox >> Version 2.0.0.10

Mozilla>>Firefox >> Version 2.0.0.11

Mozilla>>Firefox >> Version 2.0.0.12

Mozilla>>Firefox >> Version 2.0.0.13

Mozilla>>Firefox >> Version 2.0.0.14

Mozilla>>Firefox >> Version 2.0.0.15

Mozilla>>Firefox >> Version 2.0.0.16

Mozilla>>Firefox >> Version 2.0.0.17

Mozilla>>Firefox >> Version 2.0.0.18

Mozilla>>Firefox >> Version 2.0.0.19

Mozilla>>Firefox >> Version 2.0.0.20

Mozilla>>Firefox >> Version 3.0

Mozilla>>Firefox >> Version 3.0.1

Mozilla>>Firefox >> Version 3.0.2

Mozilla>>Firefox >> Version 3.0.3

Mozilla>>Firefox >> Version 3.0.4

Mozilla>>Firefox >> Version 3.0.5

Mozilla>>Seamonkey >> Version To (including) 1.1.14

Mozilla>>Seamonkey >> Version 1.0

Mozilla>>Seamonkey >> Version 1.0.1

Mozilla>>Seamonkey >> Version 1.0.2

Mozilla>>Seamonkey >> Version 1.0.3

Mozilla>>Seamonkey >> Version 1.0.5

Mozilla>>Seamonkey >> Version 1.0.6

Mozilla>>Seamonkey >> Version 1.0.7

Mozilla>>Seamonkey >> Version 1.0.8

Mozilla>>Seamonkey >> Version 1.0.9

Mozilla>>Seamonkey >> Version 1.1

Mozilla>>Seamonkey >> Version 1.1

Mozilla>>Seamonkey >> Version 1.1

Mozilla>>Seamonkey >> Version 1.1.1

Mozilla>>Seamonkey >> Version 1.1.2

Mozilla>>Seamonkey >> Version 1.1.3

Mozilla>>Seamonkey >> Version 1.1.4

Mozilla>>Seamonkey >> Version 1.1.5

Mozilla>>Seamonkey >> Version 1.1.6

Mozilla>>Seamonkey >> Version 1.1.7

Mozilla>>Seamonkey >> Version 1.1.8

Mozilla>>Seamonkey >> Version 1.1.9

Mozilla>>Seamonkey >> Version 1.1.10

Mozilla>>Seamonkey >> Version 1.1.11

Mozilla>>Seamonkey >> Version 1.1.12

Mozilla>>Seamonkey >> Version 1.1.13

Mozilla>>Thunderbird >> Version To (including) 2.0.0.20

Mozilla>>Thunderbird >> Version 2.0.0.0

Mozilla>>Thunderbird >> Version 2.0.0.4

Mozilla>>Thunderbird >> Version 2.0.0.5

Mozilla>>Thunderbird >> Version 2.0.0.6

Mozilla>>Thunderbird >> Version 2.0.0.9

Mozilla>>Thunderbird >> Version 2.0.0.12

Mozilla>>Thunderbird >> Version 2.0.0.14

Mozilla>>Thunderbird >> Version 2.0.0.16

Mozilla>>Thunderbird >> Version 2.0.0.17

Mozilla>>Thunderbird >> Version 2.0.0.18

Mozilla>>Thunderbird >> Version 2.0.0.19

Referenties

http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
Tags : vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/34894
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/1125
Tags : vdb-entry, x_refsource_VUPEN
http://www.debian.org/security/2009/dsa-1830
Tags : vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/34096
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34844
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35065
Tags : third-party-advisory, x_refsource_SECUNIA
https://usn.ubuntu.com/764-1/
Tags : vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/33837
Tags : vdb-entry, x_refsource_BID
http://secunia.com/advisories/35042
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34843
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2009/dsa-1797
Tags : vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2009-0437.html
Tags : vendor-advisory, x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2009-0436.html
Tags : vendor-advisory, x_refsource_REDHAT
De informatie die op CVE Find wordt gepresenteerd, is afkomstig van verschillende zorgvuldig geselecteerde referentiebronnen. CVE-gegevens worden geleverd door MITRE Corporation en de National Vulnerability Database (NVD). De Known Exploited Vulnerabilities (KEV)-catalogus is afkomstig van de Cybersecurity and Infrastructure Security Agency (CISA), terwijl EPSS-scores afkomstig zijn van FIRST.org. Daarnaast worden gegevens over softwarezwakheden (CWE) en veelvoorkomende aanvalspatronen (CAPEC) bijgehouden door MITRE Corporation, en informatie over hardware- en softwareconfiguraties (CPE) wordt geleverd door de NVD.