Search for vulnerabilities
Vulnerability details: VCID-ta7d-z392-aaaq
Vulnerability ID VCID-ta7d-z392-aaaq
Aliases CVE-2009-1839
Summary CVE-2009-1839 Firefox information disclosure flaw
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-264 Permissions, Privileges, and Access Controls
System Score Found at
rhas Critical https://access.redhat.com/errata/RHSA-2009:1095
epss 0.01701 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.01701 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.01701 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.01701 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.01701 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.01701 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.01701 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.01701 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.01701 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.01701 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.01701 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.06205 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.06205 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.06205 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.06205 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.15161 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
epss 0.22396 https://api.first.org/data/v1/epss?cve=CVE-2009-1839
cvssv2 5.4 https://nvd.nist.gov/vuln/detail/CVE-2009-1839
generic_textual none https://www.mozilla.org/en-US/security/advisories/mfsa2009-30
Reference id Reference type URL
http://osvdb.org/55163
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1839.json
https://api.first.org/data/v1/epss?cve=CVE-2009-1839
https://bugzilla.mozilla.org/show_bug.cgi?id=479943
https://bugzilla.redhat.com/show_bug.cgi?id=503581
http://secunia.com/advisories/35331
http://secunia.com/advisories/35415
http://secunia.com/advisories/35431
http://secunia.com/advisories/35468
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9256
https://rhn.redhat.com/errata/RHSA-2009-1095.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html
http://www.debian.org/security/2009/dsa-1820
http://www.mozilla.org/security/announce/2009/mfsa2009-30.html
http://www.securityfocus.com/bid/35326
http://www.securityfocus.com/bid/35386
http://www.vupen.com/english/advisories/2009/1572
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0beta5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0beta5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.1:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.1:beta1:*:*:*:*:*:*
CVE-2009-1839 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1839
CVE-2009-1839 https://nvd.nist.gov/vuln/detail/CVE-2009-1839
CVE-2009-1839;OSVDB-55163 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/10544.html
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
mfsa2009-30 https://www.mozilla.org/en-US/security/advisories/mfsa2009-30
RHSA-2009:1095 https://access.redhat.com/errata/RHSA-2009:1095
USN-779-1 https://usn.ubuntu.com/779-1/
Data source Exploit-DB
Date added Dec. 17, 2009
Description Mozilla Firefox - Location Bar Spoofing
Ransomware campaign use Known
Source publication date Dec. 18, 2009
Exploit type local
Platform multiple
Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2009-1839
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.88143
EPSS Score 0.01701
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.