Vulnerability Description
Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 3.0.13 |
References
- http://secunia.com/advisories/36669
- http://secunia.com/advisories/36670
- http://secunia.com/advisories/36671
- http://secunia.com/advisories/36692
- http://secunia.com/advisories/37098
- http://www.debian.org/security/2009/dsa-1885
- http://www.mozilla.org/security/announce/2009/mfsa2009-48.htmlVendor Advisory
- http://www.novell.com/linux/security/advisories/2009_48_firefox.html
- http://www.redhat.com/support/errata/RHSA-2009-1430.html
- http://www.redhat.com/support/errata/RHSA-2009-1431.html
- http://www.redhat.com/support/errata/RHSA-2009-1432.html
- http://www.redhat.com/support/errata/RHSA-2010-0153.html
- http://www.redhat.com/support/errata/RHSA-2010-0154.html
- http://www.securityfocus.com/bid/36343
- http://www.securitytracker.com/id?1022877
FAQ
What is CVE-2009-3076?
CVE-2009-3076 is a vulnerability with a CVSS score of 9.3 (HIGH). Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to...
How severe is CVE-2009-3076?
CVE-2009-3076 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3076?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.