1. Home
  2. Vulnerabilities
  3. CVE-2009-3376

CVE-2009-3376

CVSS v2.0 9.3 (High)
93% Progress
EPSS 1.42 % (87th)
1.42% Progress
Affected Products 2
Advisories 9
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.

Weaknesses
CWE-16
Configuration
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2009-10-29 14:30:00
(15 years ago)
Updated Date
2018-10-30 16:25:57
(5 years ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox 3.0 Beta5 cpe:2.3:a:mozilla:firefox:3.0:beta5
  Mozilla Firefox 3.0.1 cpe:2.3:a:mozilla:firefox:3.0.1
  Mozilla Firefox 3.0.2 cpe:2.3:a:mozilla:firefox:3.0.2
  Mozilla Firefox 3.0.3 cpe:2.3:a:mozilla:firefox:3.0.3
  Mozilla Firefox 3.0.4 cpe:2.3:a:mozilla:firefox:3.0.4
  Mozilla Firefox 3.0.5 cpe:2.3:a:mozilla:firefox:3.0.5
  Mozilla Firefox 3.0.6 cpe:2.3:a:mozilla:firefox:3.0.6
  Mozilla Firefox 3.0.7 cpe:2.3:a:mozilla:firefox:3.0.7
  Mozilla Firefox 3.0.8 cpe:2.3:a:mozilla:firefox:3.0.8
  Mozilla Firefox 3.0.9 cpe:2.3:a:mozilla:firefox:3.0.9
  Mozilla Firefox 3.0.10 cpe:2.3:a:mozilla:firefox:3.0.10
  Mozilla Firefox 3.0.11 cpe:2.3:a:mozilla:firefox:3.0.11
  Mozilla Firefox 3.0.12 cpe:2.3:a:mozilla:firefox:3.0.12
  Mozilla Firefox 3.0.13 cpe:2.3:a:mozilla:firefox:3.0.13
  Mozilla Firefox 3.5.1 cpe:2.3:a:mozilla:firefox:3.5.1
  Mozilla Firefox 3.5.2 cpe:2.3:a:mozilla:firefox:3.5.2
  Mozilla Firefox 3.5.3 cpe:2.3:a:mozilla:firefox:3.5.3
  Mozilla Seamonkey 1.5.0.10 and prior versions cpe:2.3:a:mozilla:seamonkey <= 1.5.0.10
  Mozilla Seamonkey 1.0 cpe:2.3:a:mozilla:seamonkey:1.0
  Mozilla Seamonkey 1.0 Alpha cpe:2.3:a:mozilla:seamonkey:1.0:alpha
  Mozilla Seamonkey 1.0 Beta cpe:2.3:a:mozilla:seamonkey:1.0:beta
  Mozilla Seamonkey 1.0.1 cpe:2.3:a:mozilla:seamonkey:1.0.1
  Mozilla Seamonkey 1.0.2 cpe:2.3:a:mozilla:seamonkey:1.0.2
  Mozilla Seamonkey 1.0.3 cpe:2.3:a:mozilla:seamonkey:1.0.3
  Mozilla Seamonkey 1.0.4 cpe:2.3:a:mozilla:seamonkey:1.0.4
  Mozilla Seamonkey 1.0.5 cpe:2.3:a:mozilla:seamonkey:1.0.5
  Mozilla Seamonkey 1.0.6 cpe:2.3:a:mozilla:seamonkey:1.0.6
  Mozilla Seamonkey 1.0.7 cpe:2.3:a:mozilla:seamonkey:1.0.7
  Mozilla Seamonkey 1.0.8 cpe:2.3:a:mozilla:seamonkey:1.0.8
  Mozilla Seamonkey 1.0.9 cpe:2.3:a:mozilla:seamonkey:1.0.9
  Mozilla Seamonkey 1.1 cpe:2.3:a:mozilla:seamonkey:1.1
  Mozilla Seamonkey 1.1 Alpha cpe:2.3:a:mozilla:seamonkey:1.1:alpha
  Mozilla Seamonkey 1.1 Beta cpe:2.3:a:mozilla:seamonkey:1.1:beta
  Mozilla Seamonkey 1.1.1 cpe:2.3:a:mozilla:seamonkey:1.1.1
  Mozilla Seamonkey 1.1.2 cpe:2.3:a:mozilla:seamonkey:1.1.2
  Mozilla Seamonkey 1.1.3 cpe:2.3:a:mozilla:seamonkey:1.1.3
  Mozilla Seamonkey 1.1.4 cpe:2.3:a:mozilla:seamonkey:1.1.4
  Mozilla Seamonkey 1.1.5 cpe:2.3:a:mozilla:seamonkey:1.1.5
  Mozilla Seamonkey 1.1.6 cpe:2.3:a:mozilla:seamonkey:1.1.6
  Mozilla Seamonkey 1.1.7 cpe:2.3:a:mozilla:seamonkey:1.1.7
  Mozilla Seamonkey 1.1.8 cpe:2.3:a:mozilla:seamonkey:1.1.8
  Mozilla Seamonkey 1.1.9 cpe:2.3:a:mozilla:seamonkey:1.1.9
  Mozilla Seamonkey 1.1.10 cpe:2.3:a:mozilla:seamonkey:1.1.10
  Mozilla Seamonkey 1.1.11 cpe:2.3:a:mozilla:seamonkey:1.1.11
  Mozilla Seamonkey 1.1.12 cpe:2.3:a:mozilla:seamonkey:1.1.12
  Mozilla Seamonkey 1.1.13 cpe:2.3:a:mozilla:seamonkey:1.1.13
  Mozilla Seamonkey 1.1.14 cpe:2.3:a:mozilla:seamonkey:1.1.14
  Mozilla Seamonkey 1.1.15 cpe:2.3:a:mozilla:seamonkey:1.1.15
  Mozilla Seamonkey 1.1.16 cpe:2.3:a:mozilla:seamonkey:1.1.16
  Mozilla Seamonkey 1.1.17 cpe:2.3:a:mozilla:seamonkey:1.1.17
  Mozilla Seamonkey 1.5.0.8 cpe:2.3:a:mozilla:seamonkey:1.5.0.8
  Mozilla Seamonkey 1.5.0.9 cpe:2.3:a:mozilla:seamonkey:1.5.0.9