Vulnerability Name:
CVE-2009-4129 (CCN-54611)
Assigned:
2009-12-04
Published:
2009-12-04
Updated:
2017-08-17
Summary:
Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.
CVSS v3 Severity:
5.3 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Low
Availibility (A):
None
CVSS v2 Severity:
5.8 Medium
(CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:P
)
4.7 Medium
(Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:P/E:U/RL:U/RC:UR
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availibility (A):
Partial
4.3 Medium
(CCN CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
)
3.5 Low
(CCN Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:UR
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availibility (A):
None
Vulnerability Type:
CWE-362
Vulnerability Consequences:
Gain Access
References:
Source: BUGTRAQ
Type: UNKNOWN
20091205 Mozilla Firefox JavaScript Prompt Spoofing Weakness
Source: CCN
Type: BugTraq Mailing List, Sat Dec 05 2009
Mozilla Firefox JavaScript Prompt Spoofing Weakness
Source: MITRE
Type: CNA
CVE-2009-4129
Source: CCN
Type: SECTRACK ID: 1023287
Mozilla Firefox JavaScript Bugs Let Remote Users Spoof Prompt Dialogs
Source: SECTRACK
Type: UNKNOWN
1023287
Source: CCN
Type: Mozilla Web site
Firefox - Rediscover the web
Source: CCN
Type: OSVDB ID: 61090
Mozilla Firefox Cross-domain Page Load Race Condition JavaScript Prompt Spoofing
Source: BID
Type: UNKNOWN
37230
Source: CCN
Type: BID-37230
Mozilla Firefox JavaScript 'Prompted Message' Spoofing Vulnerability
Source: CCN
Type: BID-37232
Mozilla Firefox 'MakeScriptDialogTitle()' URI Spoofing Vulnerability
Source: XF
Type: UNKNOWN
firefox-javascript-spoofing(54611)
Source: XF
Type: UNKNOWN
firefox-javascript-spoofing(54611)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*
OR
cpe:/a:mozilla:firefox:3.0:*:*:*:*:*:*:*
OR
cpe:/a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
OR
cpe:/a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
OR
cpe:/a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
OR
cpe:/a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
OR
cpe:/a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
OR
cpe:/a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*
OR
cpe:/a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*
OR
cpe:/a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*
OR
cpe:/a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*
OR
cpe:/a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*
OR
cpe:/a:mozilla:firefox:3.5:*:*:*:*:*:*:*
OR
cpe:/a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
OR
cpe:/a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*
OR
cpe:/a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*
OR
cpe:/a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
OR
cpe:/a:mozilla:firefox:3.1:beta1:*:*:*:*:*:*
OR
cpe:/a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*
OR
cpe:/a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
OR
cpe:/a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*
OR
cpe:/a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*
OR
cpe:/a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
mozilla
firefox *
mozilla
firefox 3.0 beta5
mozilla
firefox 3.0
mozilla
firefox 3.0.1
mozilla
firefox 3.0.3
mozilla
firefox 3.0.2
mozilla
firefox 3.0.4
mozilla
firefox 3.0.5
mozilla
firefox 3.0.6
mozilla
firefox 3.0.7
mozilla
firefox 3.0.8
mozilla
firefox 3.0.9
mozilla
firefox 3.0.10
mozilla
firefox 3.5
mozilla
firefox 3.5.1
mozilla
firefox 3.0.12
mozilla
firefox 3.0.13
mozilla
firefox 3.5.2
mozilla
firefox 3.1 beta1
mozilla
firefox 3.0.11
mozilla
firefox 3.5.3
mozilla
firefox 3.5.4
mozilla
firefox 3.0.14
mozilla
firefox 3.5.5
Denotes that component is vulnerable