Search for vulnerabilities
Vulnerability details: VCID-67s3-fypq-aaan
Vulnerability ID VCID-67s3-fypq-aaan
Aliases CVE-2009-0354
Summary CVE-2009-0354 Firefox XSS using a chrome XBL method and window.eval
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
System Score Found at
rhas Critical https://access.redhat.com/errata/RHSA-2009:0256
epss 0.00300 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00300 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00300 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00300 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00300 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00300 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00300 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00300 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00300 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00300 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00300 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00300 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
epss 0.01789 https://api.first.org/data/v1/epss?cve=CVE-2009-0354
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=483142
cvssv2 2.6 https://nvd.nist.gov/vuln/detail/CVE-2009-0354
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2009-02
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html
http://rhn.redhat.com/errata/RHSA-2009-0256.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0354.json
https://api.first.org/data/v1/epss?cve=CVE-2009-0354
https://bugzilla.mozilla.org/show_bug.cgi?id=468581
http://secunia.com/advisories/33799
http://secunia.com/advisories/33809
http://secunia.com/advisories/33831
http://secunia.com/advisories/33841
http://secunia.com/advisories/33846
http://secunia.com/advisories/33869
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9796
http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm
https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:044
http://www.mozilla.org/security/announce/2009/mfsa2009-02.html
http://www.securityfocus.com/bid/33598
http://www.securitytracker.com/id?1021664
http://www.ubuntu.com/usn/usn-717-1
http://www.vupen.com/english/advisories/2009/0313
483142 https://bugzilla.redhat.com/show_bug.cgi?id=483142
cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*
CVE-2009-0354 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0354
CVE-2009-0354 https://nvd.nist.gov/vuln/detail/CVE-2009-0354
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
mfsa2009-02 https://www.mozilla.org/en-US/security/advisories/mfsa2009-02
RHSA-2009:0256 https://access.redhat.com/errata/RHSA-2009:0256
USN-717-1 https://usn.ubuntu.com/717-1/
No exploits are available.
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2009-0354
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.70023
EPSS Score 0.00300
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.