CVE-2009-5017
Advisory lineage Upstream: 0 Downstream: 2
Modified
Published: 12 Nov 2010, 21:00
Last modified: 16 Sept 2024, 17:44
Vulnerability Summary
Overall Risk (default): medium, 27/100
CVSS Score: 4.3 MEDIUM, v2.0 (nvd)
EPSS Score: 0.17% LOW
KEV: Not listed
Ransomware: No reports
Public exploits: 1 found
Dark Web: Not detected
Timeline
- 12 Nov 2010, 21:00•Published•Vulnerability first disclosed
- 16 Sept 2024, 17:44•Last Modified•Vulnerability information updated
Description
Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210.
CVSS Metrics
- v2.0•MEDIUM•Score: 4.3•AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS Trends
Current EPSS score: 0.17%•Percentile: 37%
Techniques & Countermeasures
- CWE-79•Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Affected Systems
- mozilla•firefox
≤ 3.6 | 3.6:beta1