10
CVE-2009-3079
- EPSS 3.87%
- Veröffentlicht 10.09.2009 21:30:01
- Zuletzt bearbeitet 16.06.2026 23:10:53
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.87% | 0.888 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
http://secunia.com/advisories/36757
http://www.debian.org/security/2009/dsa-1886
http://secunia.com/advisories/37098
http://www.novell.com/linux/security/advisories/2009_48_firefox.html
http://secunia.com/advisories/36670
http://www.redhat.com/support/errata/RHSA-2009-1430.html
http://secunia.com/advisories/36671
http://www.securityfocus.com/bid/36343
http://www.mozilla.org/security/announce/2009/mfsa2009-51.html
http://www.securitytracker.com/id?1022873
https://bugzilla.mozilla.org/show_bug.cgi?id=454363
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10390
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6250