New Search

Mozilla Firefox before 3.0.13 and 3.5.x before 3.5.2 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a crafted web page that calls window.open with an invalid character in the URL makes document.write calls to the resulting object and then calls the stop method during the loading of the error page.

oval:org.mitre.oval:def:9686

Mozilla Firefox before 3.0.13 and 3.5.x before 3.5.2 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a crafted web page that calls window.open with an invalid character in the URL makes document.write calls to the resulting object and then calls the stop method during the loading of the error page.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 3
  • Red Hat Enterprise Linux 4
  • Oracle Linux 5
  • Oracle Linux 4
  • CentOS Linux 4
  • CentOS Linux 5
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 3
Class:
vulnerability
Reference(s):
  • CVE-2009-2654
Product(s):