521311 – (CVE-2009-2654) CVE-2009-2654 firefox: URL bar spoofing vulnerability

Bug 521311 (CVE-2009-2654) - CVE-2009-2654 firefox: URL bar spoofing vulnerability

Summary: CVE-2009-2654 firefox: URL bar spoofing vulnerability

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2009-2654
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:	http://web.nvd.nist.gov/view/vuln/det...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-09-04 17:42 UTC by Vincent Danen
Modified:	2019-09-29 12:31 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-06-10 21:21:41 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2009:1430	normal	SHIPPED_LIVE	Critical: firefox security update	2009-09-09 23:27:34 UTC
Red Hat Product Errata	RHSA-2009:1431	normal	SHIPPED_LIVE	Critical: seamonkey security update	2009-09-09 23:49:52 UTC
Red Hat Product Errata	RHSA-2009:1432	normal	SHIPPED_LIVE	Critical: seamonkey security update	2009-09-09 23:50:33 UTC

Description Vincent Danen 2009-09-04 17:42:30 UTC

Common Vulnerabilities and Exposures assigned an identifier CVE-2009-2654 to
the following vulnerability:

Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page. 

This issue has already been addressed in Fedora via FEDORA-2009-8279 and FEDORA-2009-8288.

References:

http://www.mozilla.org/security/announce/2009/mfsa2009-44.html
https://bugzilla.mozilla.org/show_bug.cgi?id=451898
http://blog.mozilla.com/security/2009/07/28/url-bar-spoofing-vulnerability/

Comment 1 errata-xmlrpc 2009-09-09 23:27:58 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2009:1430 https://rhn.redhat.com/errata/RHSA-2009-1430.html

Comment 2 errata-xmlrpc 2009-09-09 23:50:03 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2009:1431 https://rhn.redhat.com/errata/RHSA-2009-1431.html

Comment 3 errata-xmlrpc 2009-09-09 23:50:45 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 3

Via RHSA-2009:1432 https://rhn.redhat.com/errata/RHSA-2009-1432.html

Note You need to log in before you can comment on or make changes to this bug.