CVE-2009-3076

Advisory lineage Upstream: 0 Downstream: 6
Modified
Published: 10 Sept 2009, 21:00
Last modified:07 Aug 2024, 06:14

Vulnerability Summary

Overall Risk (default)
high
70/100
CVSS Score
9.3 HIGH
v2.0 (nvd)
EPSS Score
17.6% MEDIUM
18% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected

Timeline

10 Sept 2009, 21:00
Published
Vulnerability first disclosed
07 Aug 2024, 06:14
Last Modified
Vulnerability information updated

Description

Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.

CVSS Metrics

  • v2.0HIGHScore: 9.3AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 17.60% Percentile: 95%

Affected Systems

  • mozillafirefox

    ≤ 3.0.13 | 0.1 | 0.2 | 0.3 | 0.4 | 0.5 | 0.6 | 0.6.1 | 0.7 | 0.7.1 | 0.8 | 0.9 | 0.9:rc | 0.9.1 | 0.9.2 | 0.9.3 | 0.9_rc | 0.10 | 0.10.1 | 1.0 | 1.0:preview_release | 1.0.1 | 1.0.2 | 1.0.3 | 1.0.4 | 1.0.5 | 1.0.6 | 1.0.7 | 1.0.8 | 1.4.1 | 1.5 | 1.5:beta1 | 1.5:beta2 | 1.5.0.1 | 1.5.0.2 | 1.5.0.3 | 1.5.0.4 | 1.5.0.5 | 1.5.0.6 | 1.5.0.7 | 1.5.0.8 | 1.5.0.9 | 1.5.0.10 | 1.5.0.11 | 1.5.0.12 | 1.5.1 | 1.5.2 | 1.5.3 | 1.5.4 | 1.5.5 | 1.5.6 | 1.5.7 | 1.5.8 | 1.8 | 2.0 | 2.0:beta_1 | 2.0:beta1 | 2.0:rc2 | 2.0:rc3 | 2.0.0.1 | 2.0.0.2 | 2.0.0.3 | 2.0.0.4 | 2.0.0.5 | 2.0.0.6 | 2.0.0.7 | 2.0.0.8 | 2.0.0.9 | 2.0.0.10 | 2.0.0.11 | 2.0.0.12 | 2.0.0.13 | 2.0.0.14 | 2.0.0.15 | 2.0.0.16 | 2.0.0.17 | 2.0.0.18 | 2.0.0.19 | 2.0.0.20 | 2.0.0.21 | 2.0_.1 | 2.0_.4 | 2.0_.5 | 2.0_.6 | 2.0_.7 | 2.0_.9 | 2.0_.10 | 2.0_8 | 3.0 | 3.0:alpha | 3.0:beta2 | 3.0:beta5 | 3.0.1 | 3.0.2 | 3.0.3 | 3.0.4 | 3.0.5 | 3.0.6 | 3.0.7 | 3.0.8 | 3.0.9 | 3.0.10 | 3.0.11 | 3.0.12

References (20)