Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2009-3079

Date: September 10, 2009

Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.

Severity Score

Related Resources (17)

http://www.securitytracker.com/id?1022873
http://secunia.com/advisories/36757
http://www.debian.org/security/2009/dsa-1886
http://secunia.com/advisories/36671
http://secunia.com/advisories/36670
https://nvd.nist.gov/vuln/detail/CVE-2009-3079
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10390
https://people.canonical.com/~ubuntu-security/cve/CVE-2009-3079
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6250
http://www.mozilla.org/security/announce/2009/mfsa2009-51.html
https://bugzilla.mozilla.org/show_bug.cgi?id=454363
https://access.redhat.com/security/cve/CVE-2009-3079
http://www.securityfocus.com/bid/36343
http://secunia.com/advisories/37098
http://www.novell.com/linux/security/advisories/2009_48_firefox.html
http://www.redhat.com/support/errata/RHSA-2009-1430.html
https://www.mend.io/vulnerability-database/CVE-2009-3079

Severity Score

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us