Mozilla Firefox Unicode Character Processing Bug Lets Remote Users Spoof URLs
|
|
SecurityTracker Alert ID: 1022380 |
|
SecurityTracker URL: http://securitytracker.com/id/1022380
|
|
CVE Reference:
CVE-2009-1834
(Links to External Site)
|
Date: Jun 12 2009
|
Impact:
Modification of system information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 3.0.11
|
Description:
A vulnerability was reported in Mozilla Firefox. A remote user can spoof the location bar contents.
A remote user can create a URL containing certain unicode characters in an IDN to cause part of the URL to be displayed out of view in the location bar.
Mozilla SeaMonkey is affected.
Pavel Cvrcek reported this vulnerability.
|
Impact:
A remote user can spoof the location bar contents.
|
Solution:
The vendor has issued a fix (3.0.11).
The vendor's advisory is available at:
http://www.mozilla.org/security/announce/2009/mfsa2009-25.html
|
Vendor URL: www.mozilla.org/security/announce/2009/mfsa2009-25.html (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Thu, 11 Jun 2009 20:57:33 -0400
Subject: http://www.mozilla.org/security/announce/2009/mfsa2009-25.html
|
CVE-2009-1834
|
|
