1. Home
  2. Vulnerabilities
  3. CVE-2009-2654

CVE-2009-2654

CVSS v2.0 5.8 (Medium)
58% Progress
EPSS 3.13 % (91th)
3.13% Progress
Affected Products 1
Advisories 3
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page.

Weaknesses
CWE-20
Improper Input Validation
Related CVEs
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2009-08-03 14:30:00
(15 years ago)
Updated Date
2018-10-03 22:00:55
(6 years ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox 3.5.1 and prior versions cpe:2.3:a:mozilla:firefox <= 3.5.1
  Mozilla Firefox 0.1 cpe:2.3:a:mozilla:firefox:0.1
  Mozilla Firefox 0.2 cpe:2.3:a:mozilla:firefox:0.2
  Mozilla Firefox 0.3 cpe:2.3:a:mozilla:firefox:0.3
  Mozilla Firefox 0.4 cpe:2.3:a:mozilla:firefox:0.4
  Mozilla Firefox 0.5 cpe:2.3:a:mozilla:firefox:0.5
  Mozilla Firefox 0.6 cpe:2.3:a:mozilla:firefox:0.6
  Mozilla Firefox 0.6.1 cpe:2.3:a:mozilla:firefox:0.6.1
  Mozilla Firefox 0.7 cpe:2.3:a:mozilla:firefox:0.7
  Mozilla Firefox 0.7.1 cpe:2.3:a:mozilla:firefox:0.7.1
  Mozilla Firefox 0.8 cpe:2.3:a:mozilla:firefox:0.8
  Mozilla Firefox 0.9 cpe:2.3:a:mozilla:firefox:0.9
  Mozilla Firefox 0.9 Rc cpe:2.3:a:mozilla:firefox:0.9:rc
  Mozilla Firefox 0.9.1 cpe:2.3:a:mozilla:firefox:0.9.1
  Mozilla Firefox 0.9.2 cpe:2.3:a:mozilla:firefox:0.9.2
  Mozilla Firefox 0.9.3 cpe:2.3:a:mozilla:firefox:0.9.3
  Mozilla Firefox 0.9 Rc cpe:2.3:a:mozilla:firefox:0.9_rc
  Mozilla Firefox 0.10 cpe:2.3:a:mozilla:firefox:0.10
  Mozilla Firefox 0.10.1 cpe:2.3:a:mozilla:firefox:0.10.1
  Mozilla Firefox 1.0 cpe:2.3:a:mozilla:firefox:1.0
  Mozilla Firefox 1.0 Preview Release cpe:2.3:a:mozilla:firefox:1.0:preview_release
  Mozilla Firefox 1.0.1 cpe:2.3:a:mozilla:firefox:1.0.1
  Mozilla Firefox 1.0.2 cpe:2.3:a:mozilla:firefox:1.0.2
  Mozilla Firefox 1.0.3 cpe:2.3:a:mozilla:firefox:1.0.3
  Mozilla Firefox 1.0.4 cpe:2.3:a:mozilla:firefox:1.0.4
  Mozilla Firefox 1.0.5 cpe:2.3:a:mozilla:firefox:1.0.5
  Mozilla Firefox 1.0.6 cpe:2.3:a:mozilla:firefox:1.0.6
  Mozilla Firefox 1.0.7 cpe:2.3:a:mozilla:firefox:1.0.7
  Mozilla Firefox 1.0.8 cpe:2.3:a:mozilla:firefox:1.0.8
  Mozilla Firefox 1.4.1 cpe:2.3:a:mozilla:firefox:1.4.1
  Mozilla Firefox 1.5 cpe:2.3:a:mozilla:firefox:1.5
  Mozilla Firefox 1.5 Beta1 cpe:2.3:a:mozilla:firefox:1.5:beta1
  Mozilla Firefox 1.5 Beta2 cpe:2.3:a:mozilla:firefox:1.5:beta2
  Mozilla Firefox 1.5.0.1 cpe:2.3:a:mozilla:firefox:1.5.0.1
  Mozilla Firefox 1.5.0.2 cpe:2.3:a:mozilla:firefox:1.5.0.2
  Mozilla Firefox 1.5.0.3 cpe:2.3:a:mozilla:firefox:1.5.0.3
  Mozilla Firefox 1.5.0.4 cpe:2.3:a:mozilla:firefox:1.5.0.4
  Mozilla Firefox 1.5.0.5 cpe:2.3:a:mozilla:firefox:1.5.0.5
  Mozilla Firefox 1.5.0.6 cpe:2.3:a:mozilla:firefox:1.5.0.6
  Mozilla Firefox 1.5.0.7 cpe:2.3:a:mozilla:firefox:1.5.0.7
  Mozilla Firefox 1.5.0.8 cpe:2.3:a:mozilla:firefox:1.5.0.8
  Mozilla Firefox 1.5.0.9 cpe:2.3:a:mozilla:firefox:1.5.0.9
  Mozilla Firefox 1.5.0.10 cpe:2.3:a:mozilla:firefox:1.5.0.10
  Mozilla Firefox 1.5.0.11 cpe:2.3:a:mozilla:firefox:1.5.0.11
  Mozilla Firefox 1.5.0.12 cpe:2.3:a:mozilla:firefox:1.5.0.12
  Mozilla Firefox 1.5.1 cpe:2.3:a:mozilla:firefox:1.5.1
  Mozilla Firefox 1.5.2 cpe:2.3:a:mozilla:firefox:1.5.2
  Mozilla Firefox 1.5.3 cpe:2.3:a:mozilla:firefox:1.5.3
  Mozilla Firefox 1.5.4 cpe:2.3:a:mozilla:firefox:1.5.4
  Mozilla Firefox 1.5.5 cpe:2.3:a:mozilla:firefox:1.5.5
  Mozilla Firefox 1.5.6 cpe:2.3:a:mozilla:firefox:1.5.6
  Mozilla Firefox 1.5.7 cpe:2.3:a:mozilla:firefox:1.5.7
  Mozilla Firefox 1.5.8 cpe:2.3:a:mozilla:firefox:1.5.8
  Mozilla Firefox 1.8 cpe:2.3:a:mozilla:firefox:1.8
  Mozilla Firefox 2.0 cpe:2.3:a:mozilla:firefox:2.0
  Mozilla Firefox 2.0 Beta 1 cpe:2.3:a:mozilla:firefox:2.0:beta_1
  Mozilla Firefox 2.0 Beta1 cpe:2.3:a:mozilla:firefox:2.0:beta1
  Mozilla Firefox 2.0 Rc2 cpe:2.3:a:mozilla:firefox:2.0:rc2
  Mozilla Firefox 2.0 Rc3 cpe:2.3:a:mozilla:firefox:2.0:rc3
  Mozilla Firefox 2.0.0.1 cpe:2.3:a:mozilla:firefox:2.0.0.1
  Mozilla Firefox 2.0.0.2 cpe:2.3:a:mozilla:firefox:2.0.0.2
  Mozilla Firefox 2.0.0.3 cpe:2.3:a:mozilla:firefox:2.0.0.3
  Mozilla Firefox 2.0.0.4 cpe:2.3:a:mozilla:firefox:2.0.0.4
  Mozilla Firefox 2.0.0.5 cpe:2.3:a:mozilla:firefox:2.0.0.5
  Mozilla Firefox 2.0.0.6 cpe:2.3:a:mozilla:firefox:2.0.0.6
  Mozilla Firefox 2.0.0.7 cpe:2.3:a:mozilla:firefox:2.0.0.7
  Mozilla Firefox 2.0.0.8 cpe:2.3:a:mozilla:firefox:2.0.0.8
  Mozilla Firefox 2.0.0.9 cpe:2.3:a:mozilla:firefox:2.0.0.9
  Mozilla Firefox 2.0.0.10 cpe:2.3:a:mozilla:firefox:2.0.0.10
  Mozilla Firefox 2.0.0.11 cpe:2.3:a:mozilla:firefox:2.0.0.11
  Mozilla Firefox 2.0.0.12 cpe:2.3:a:mozilla:firefox:2.0.0.12
  Mozilla Firefox 2.0.0.13 cpe:2.3:a:mozilla:firefox:2.0.0.13
  Mozilla Firefox 2.0.0.14 cpe:2.3:a:mozilla:firefox:2.0.0.14
  Mozilla Firefox 2.0.0.15 cpe:2.3:a:mozilla:firefox:2.0.0.15
  Mozilla Firefox 2.0.0.16 cpe:2.3:a:mozilla:firefox:2.0.0.16
  Mozilla Firefox 2.0.0.17 cpe:2.3:a:mozilla:firefox:2.0.0.17
  Mozilla Firefox 2.0.0.18 cpe:2.3:a:mozilla:firefox:2.0.0.18
  Mozilla Firefox 2.0.0.19 cpe:2.3:a:mozilla:firefox:2.0.0.19
  Mozilla Firefox 2.0.0.20 cpe:2.3:a:mozilla:firefox:2.0.0.20
  Mozilla Firefox 2.0.0.21 cpe:2.3:a:mozilla:firefox:2.0.0.21
  Mozilla Firefox 2.0 .1 cpe:2.3:a:mozilla:firefox:2.0_.1
  Mozilla Firefox 2.0 .4 cpe:2.3:a:mozilla:firefox:2.0_.4
  Mozilla Firefox 2.0 .5 cpe:2.3:a:mozilla:firefox:2.0_.5
  Mozilla Firefox 2.0 .6 cpe:2.3:a:mozilla:firefox:2.0_.6
  Mozilla Firefox 2.0 .7 cpe:2.3:a:mozilla:firefox:2.0_.7
  Mozilla Firefox 2.0 .9 cpe:2.3:a:mozilla:firefox:2.0_.9
  Mozilla Firefox 2.0 .10 cpe:2.3:a:mozilla:firefox:2.0_.10
  Mozilla Firefox 2.0 8 cpe:2.3:a:mozilla:firefox:2.0_8
  Mozilla Firefox 3.0 cpe:2.3:a:mozilla:firefox:3.0
  Mozilla Firefox 3.0 Beta2 cpe:2.3:a:mozilla:firefox:3.0:beta2
  Mozilla Firefox 3.0 Beta5 cpe:2.3:a:mozilla:firefox:3.0:beta5
  Mozilla Firefox 3.0.1 cpe:2.3:a:mozilla:firefox:3.0.1
  Mozilla Firefox 3.0.2 cpe:2.3:a:mozilla:firefox:3.0.2
  Mozilla Firefox 3.0.3 cpe:2.3:a:mozilla:firefox:3.0.3
  Mozilla Firefox 3.0.4 cpe:2.3:a:mozilla:firefox:3.0.4
  Mozilla Firefox 3.0.5 cpe:2.3:a:mozilla:firefox:3.0.5
  Mozilla Firefox 3.0.6 cpe:2.3:a:mozilla:firefox:3.0.6
  Mozilla Firefox 3.0.7 cpe:2.3:a:mozilla:firefox:3.0.7
  Mozilla Firefox 3.0.8 cpe:2.3:a:mozilla:firefox:3.0.8
  Mozilla Firefox 3.0.9 cpe:2.3:a:mozilla:firefox:3.0.9
  Mozilla Firefox 3.0.10 cpe:2.3:a:mozilla:firefox:3.0.10
  Mozilla Firefox 3.0.11 cpe:2.3:a:mozilla:firefox:3.0.11
  Mozilla Firefox 3.0.12 cpe:2.3:a:mozilla:firefox:3.0.12
  Mozilla Firefox 3.1 Beta1 cpe:2.3:a:mozilla:firefox:3.1:beta1
  Mozilla Firefox 3.2 Beta1 cpe:2.3:a:mozilla:firefox:3.2:beta1
  Mozilla Firefox 3.2 Beta2 cpe:2.3:a:mozilla:firefox:3.2:beta2
  Mozilla Firefox 3.2 Beta3 cpe:2.3:a:mozilla:firefox:3.2:beta3
  Mozilla Firefox 3.5 cpe:2.3:a:mozilla:firefox:3.5