Vulnerability details: VCID-f6k7-wjwb-aaag
Vulnerability ID VCID-f6k7-wjwb-aaag
Aliases CVE-2009-2472
Summary Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass."
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
rhas Critical https://access.redhat.com/errata/RHSA-2009:1162
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2009-2472
epss 0.00414 https://api.first.org/data/v1/epss?cve=CVE-2009-2472
epss 0.007 https://api.first.org/data/v1/epss?cve=CVE-2009-2472
epss 0.02329 https://api.first.org/data/v1/epss?cve=CVE-2009-2472
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=512147
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2009-2472
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2009-40
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html
http://rhn.redhat.com/errata/RHSA-2009-1162.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2472.json
https://api.first.org/data/v1/epss?cve=CVE-2009-2472
https://bugzilla.mozilla.org/show_bug.cgi?id=479288
https://bugzilla.mozilla.org/show_bug.cgi?id=481434
https://bugzilla.mozilla.org/show_bug.cgi?id=497102
http://secunia.com/advisories/35914
http://secunia.com/advisories/35944
http://secunia.com/advisories/36005
http://secunia.com/advisories/36145
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9497
http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.html
http://www.mozilla.org/security/announce/2009/mfsa2009-40.html
http://www.securityfocus.com/bid/35758
http://www.vupen.com/english/advisories/2009/1972
http://www.vupen.com/english/advisories/2009/2152
512147 https://bugzilla.redhat.com/show_bug.cgi?id=512147
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp2:*:*:*:*:*:*
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:linux_enterprise_debuginfo:11:-:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
CVE-2009-2472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2472
CVE-2009-2472 https://nvd.nist.gov/vuln/detail/CVE-2009-2472
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
mfsa2009-40 https://www.mozilla.org/en-US/security/advisories/mfsa2009-40
RHSA-2009:1162 https://access.redhat.com/errata/RHSA-2009:1162
USN-798-1 https://usn.ubuntu.com/798-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2009-2472

Exploit Prediction Scoring System (EPSS)
Percentile 0.71666
EPSS Score 0.00333
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.