Published: 10/09/2009 Updated: 19/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Visual truncation vulnerability in Mozilla Firefox prior to 3.0.14, and 3.5.x prior to 3.5.3, allows remote malicious users to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 0.8
mozilla firefox 2.0.0.19
mozilla firefox 0.10
mozilla firefox 1.0.1
mozilla firefox 3.0.5
mozilla firefox 3.0
mozilla firefox 1.0.4
mozilla firefox 2.0_.10
mozilla firefox 2.0_.4
mozilla firefox 2.0.0.17
mozilla firefox 2.0.0.11
mozilla firefox 1.0
mozilla firefox 0.3
mozilla firefox 1.5.0.5
mozilla firefox 1.5.0.2
mozilla firefox 1.5.0.3
mozilla firefox 1.5.4
mozilla firefox 1.5.1
mozilla firefox 2.0
mozilla firefox 2.0.0.4
mozilla firefox 0.9_rc
mozilla firefox 3.0.3
mozilla firefox 3.0.11
mozilla firefox 3.0.4
mozilla firefox 2.0.0.18
mozilla firefox 2.0.0.14
mozilla firefox 0.9.1
mozilla firefox 0.9
mozilla firefox 0.9.3
mozilla firefox 1.0.3
mozilla firefox 1.5
mozilla firefox 2.0.0.9
mozilla firefox 2.0_.9
mozilla firefox 2.0_8
mozilla firefox 2.0.0.15
mozilla firefox 0.6.1
mozilla firefox 0.6
mozilla firefox 0.1
mozilla firefox 2.0.0.7
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.9
mozilla firefox 1.5.0.6
mozilla firefox 1.5.7
mozilla firefox 1.5.6
mozilla firefox 2.0.0.1
mozilla firefox 3.0.2
mozilla firefox 2.0.0.13
mozilla firefox 3.0.6
mozilla firefox 3.0.9
mozilla firefox 0.10.1
mozilla firefox 2.0.0.20
mozilla firefox 1.0.7
mozilla firefox 1.0.6
mozilla firefox 2.0_.5
mozilla firefox 2.0_.6
mozilla firefox 2.0_.7
mozilla firefox 2.0.0.16
mozilla firefox 1.4.1
mozilla firefox 0.4
mozilla firefox 0.5
mozilla firefox 1.5.0.11
mozilla firefox 1.5.0.12
mozilla firefox 1.5.2
mozilla firefox 1.5.0.8
mozilla firefox 1.8
mozilla firefox 1.5.8
mozilla firefox 2.0.0.3
mozilla firefox 2.0.0.2
mozilla firefox 2.0.0.8
mozilla firefox 3.0.12
mozilla firefox 3.0.7
mozilla firefox 3.0.8
mozilla firefox 2.0.0.12
mozilla firefox 3.0.1
mozilla firefox 0.9.2
mozilla firefox 1.0.2
mozilla firefox 1.0.5
mozilla firefox 1.0.8
mozilla firefox 2.0_.1
mozilla firefox 2.0.0.21
mozilla firefox 2.0.0.10
mozilla firefox 0.7
mozilla firefox 0.7.1
mozilla firefox 0.2
mozilla firefox 1.5.0.4
mozilla firefox 1.5.0.10
mozilla firefox 1.5.3
mozilla firefox 1.5.0.7
mozilla firefox 1.5.5
mozilla firefox 2.0.0.6
mozilla firefox 2.0.0.5
mozilla firefox 3.0.10
mozilla firefox
mozilla firefox 3.5
mozilla firefox 3.5.1
mozilla firefox 3.5.2

Several flaws were discovered in the Firefox browser and JavaScript engines If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075) ...

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3070 Jesse Ruderman discovered crashes in the layout engine, which might allow the execution of arbitra ...

Mozilla Foundation Security Advisory 2009-50 Location bar spoofing via tall line-height Unicode characters Announced September 9, 2009 Reporter Juan Pablo Lopez Yacubian Impact Low Products Firefox Fixed in ...

CWE-20 https://bugzilla.mozilla.org/show_bug.cgi?id=453827 http://www.mozilla.org/security/announce/2009/mfsa2009-50.html http://www.redhat.com/support/errata/RHSA-2009-1430.html http://www.securitytracker.com/id?1022875 http://www.novell.com/linux/security/advisories/2009_48_firefox.html http://secunia.com/advisories/37098 http://secunia.com/advisories/36692 http://www.securityfocus.com/bid/36343 http://www.debian.org/security/2009/dsa-1885 http://secunia.com/advisories/36671 http://secunia.com/advisories/36670 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5418 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10871 https://usn.ubuntu.com/821-1/https://nvd.nist.gov

Get Started

CVE-2009-3078

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect