CVE-2009-4130 : Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGloba

Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name.

Published 2009-12-14 17:30:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2009-4130

Mozilla » Firefox
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2009-4130

EPSS FAQ

0.51%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 64 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-4130

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.8	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:P	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

References for CVE-2009-4130

http://archives.neohapsis.com/archives/bugtraq/2009-12/0104.html

CVEs referencing this url
http://securitytracker.com/id?1023287

CVEs referencing this url
http://www.securityfocus.com/bid/37232
https://exchange.xforce.ibmcloud.com/vulnerabilities/54612

Jump to

Vulnerability Details : CVE-2009-4130

Products affected by CVE-2009-4130

Exploit prediction scoring system (EPSS) score for CVE-2009-4130

CVSS scores for CVE-2009-4130

References for CVE-2009-4130