CVE-2009-2472

CVSS V2 Medium 4.3 CVSS V3 None
Description
Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass."
Overview
  • CVE ID
  • CVE-2009-2472
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2009-07-22T18:30:00
  • Last Modified Date
  • 2021-07-29T13:46:17
Weakness Enumerations
CWE URL
CWE-79 http://cwe.mitre.org/data/definitions/79.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* 1 OR 3.0.12
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp2:*:*:*:*:*:* 1 OR
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:* 1 OR
cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:* 1 OR
cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=479288 Issue Tracking Patch Vendor Advisory
http://www.securityfocus.com/bid/35758 Patch Third Party Advisory VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=481434 Issue Tracking Patch Vendor Advisory
http://www.mozilla.org/security/announce/2009/mfsa2009-40.html Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/1972 Patch Third Party Advisory
http://secunia.com/advisories/35914 Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=497102 Issue Tracking Patch Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2009-1162.html Broken Link
http://secunia.com/advisories/35944 Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.html Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1 Broken Link
http://www.vupen.com/english/advisories/2009/2152 Third Party Advisory
http://secunia.com/advisories/36145 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html Mailing List Third Party Advisory
http://secunia.com/advisories/36005 Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9497 Third Party Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2009-2472
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2472
History
Created Old Value New Value Data Type Notes
2022-05-10 15:52:30 Added to TrackCVE