thr3ads.net - Secure testing team - [Secure-testing-team] Bug#539891: CVE-2009-2654: allows remote attackers to spoof the address bar [Aug 2009]

If this information is useful, please help other people find it:
Share via:

Giuseppe Iuculano

2009-Aug-04 09:35 UTC

[Secure-testing-team] Bug#539891: CVE-2009-2654: allows remote attackers to spoof the address bar

Package: xulrunner
Severity: important
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xulrunner.

CVE-2009-2654[0]:
| Mozilla Firefox 3.5.1 and earlier allows remote attackers to spoof the
| address bar, and possibly conduct phishing attacks, via a crafted web
| page that calls window.open with an invalid character in the URL,
| makes document.write calls to the resulting object, and then calls the
| stop method during the loading of the error page.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654
    http://security-tracker.debian.net/tracker/CVE-2009-2654
    Patch: https://bug451898.bugzilla.mozilla.org/attachment.cgi?id=391176

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkp4AMUACgkQNxpp46476aoiAwCeKqWgto7rHejQ1l7FYCfz/6n6
IFYAmwe/xWeHzR1rozUIbi+cY4nuNhSA
=xX+m
-----END PGP SIGNATURE-----

Secure testing team - Aug 2009 - Bug#539891: CVE-2009-2654: allows remote attackers to spoof the address bar

[Secure-testing-team] Bug#539891: CVE-2009-2654: allows remote attackers to spoof the address bar