Vulnerability Description
Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 3.0.10 |
| Mozilla | Seamonkey | <= 1.1.16 |
Related Weaknesses (CWE)
References
- http://osvdb.org/55162
- http://secunia.com/advisories/35331Vendor Advisory
- http://secunia.com/advisories/35415
- http://secunia.com/advisories/35431Vendor Advisory
- http://secunia.com/advisories/35439Vendor Advisory
- http://secunia.com/advisories/35468
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
- http://www.debian.org/security/2009/dsa-1820
- http://www.mozilla.org/security/announce/2009/mfsa2009-25.htmlVendor Advisory
- http://www.securityfocus.com/bid/35326
- http://www.securityfocus.com/bid/35388
- http://www.vupen.com/english/advisories/2009/1572PatchVendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=479413Exploit
- https://bugzilla.redhat.com/show_bug.cgi?id=503573
FAQ
What is CVE-2009-1834?
CVE-2009-1834 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with inval...
How severe is CVE-2009-1834?
CVE-2009-1834 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1834?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey.