Search for vulnerabilities
Vulnerability details: VCID-3d4h-pdr9-aaan
Vulnerability ID VCID-3d4h-pdr9-aaan
Aliases CVE-2009-2665
Summary The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted web page, related to an incorrect security wrapper.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-94 Improper Control of Generation of Code ('Code Injection')
System Score Found at
epss 0.01378 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01378 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01378 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01378 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01378 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01378 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01378 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01378 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01378 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01378 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01378 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01378 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01378 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01378 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01378 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01378 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01378 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.01622 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
epss 0.02569 https://api.first.org/data/v1/epss?cve=CVE-2009-2665
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2009-2665
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2009-46
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2009-2665
https://bugzilla.mozilla.org/show_bug.cgi?id=498897
http://secunia.com/advisories/36126
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00198.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00261.html
http://www.mozilla.org/security/announce/2009/mfsa2009-46.html
http://www.securityfocus.com/bid/35928
http://www.vupen.com/english/advisories/2009/2142
cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
CVE-2009-2665 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2665
CVE-2009-2665 https://nvd.nist.gov/vuln/detail/CVE-2009-2665
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
mfsa2009-46 https://www.mozilla.org/en-US/security/advisories/mfsa2009-46
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2009-2665
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.86716
EPSS Score 0.01378
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.