CVE-2009-4100

EPSS 2.69%
Published 29.11.2009 13:08:29
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Yoono ≫ Yoono Version <= 6.1.0

Mozilla ≫ Firefox

Yoono ≫ Yoono Version2.0.2.474

Mozilla ≫ Firefox

Yoono ≫ Yoono Version2.0.3.564

Mozilla ≫ Firefox

Yoono ≫ Yoono Version2.0.4.641

Mozilla ≫ Firefox

Yoono ≫ Yoono Version2.1.0.743

Mozilla ≫ Firefox

Yoono ≫ Yoono Version2.2.1.1038

Mozilla ≫ Firefox

Yoono ≫ Yoono Version3.0.0.1268

Mozilla ≫ Firefox

Yoono ≫ Yoono Version3.0.0.1270

Mozilla ≫ Firefox

Yoono ≫ Yoono Version3.0.1.1388

Mozilla ≫ Firefox

Yoono ≫ Yoono Version3.0.2.1976

Mozilla ≫ Firefox

Yoono ≫ Yoono Version3.0.3.2369

Mozilla ≫ Firefox

Yoono ≫ Yoono Version3.0.4.2469

Mozilla ≫ Firefox

Yoono ≫ Yoono Version3.0.5.2626

Mozilla ≫ Firefox

Yoono ≫ Yoono Version3.0.6.2723

Mozilla ≫ Firefox

Yoono ≫ Yoono Version3.1.0.2898

Mozilla ≫ Firefox

Yoono ≫ Yoono Version3.1.1.2999

Mozilla ≫ Firefox

Yoono ≫ Yoono Version4.0.0.4529

Mozilla ≫ Firefox

Yoono ≫ Yoono Version4.0.1.4774

Mozilla ≫ Firefox

Yoono ≫ Yoono Version4.0.2.5149

Mozilla ≫ Firefox

Yoono ≫ Yoono Version4.0.3.5488

Mozilla ≫ Firefox

Yoono ≫ Yoono Version5.0.1.11511_11520

Mozilla ≫ Firefox

Yoono ≫ Yoono Version5.0.3

Mozilla ≫ Firefox

Yoono ≫ Yoono Version5.0.4

Mozilla ≫ Firefox

Yoono ≫ Yoono Version5.0.5

Mozilla ≫ Firefox

Yoono ≫ Yoono Version5.0.6

Mozilla ≫ Firefox

Yoono ≫ Yoono Version5.0.7

Mozilla ≫ Firefox

Yoono ≫ Yoono Version5.0.7.2

Mozilla ≫ Firefox

Yoono ≫ Yoono Version5.1.0

Mozilla ≫ Firefox

Yoono ≫ Yoono Version5.2.0

Mozilla ≫ Firefox

Yoono ≫ Yoono Version5.3.0

Mozilla ≫ Firefox

Yoono ≫ Yoono Version5.4.0

Mozilla ≫ Firefox

Yoono ≫ Yoono Version6.0.0

Mozilla ≫ Firefox

Yoono ≫ Yoono Version6.0.1

Mozilla ≫ Firefox

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.69%	0.85

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/37468

Vendor Advisory

http://www.net-security.org/secworld.php?id=8527

http://www.securityfocus.com/bid/37123

http://www.vupen.com/english/advisories/2009/3326

Vendor Advisory

https://addons.mozilla.org/en-US/firefox/addons/versions/1833#version-6.1.1

https://exchange.xforce.ibmcloud.com/vulnerabilities/54417

https://nvd.nist.gov/vuln/detail/CVE-2009-4100

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-4100

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-4100

EUVD