CVE-2009-4130

Severity

57%

Complexity

86%

Confidentiality

81%

Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name.

Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name.

CVSS 2.0 Base Score 5.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:P).

Overview

First reported 15 years ago

2009-12-14 17:30:00

Last updated 7 years ago

2017-08-17 01:31:00

Affected Software

Mozilla Firefox

References

20091205 Mozilla Firefox JavaScript Prompt Spoofing Weakness

1023287

37232

firefox-makescriptdialogtitle-spoofing(54612)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.