FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-3076

This CVE name corresponds to:

Entered Topic
2009-09-10 mozilla firefox -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2009-3076 at cve.mitre.org

Details

Type Candidate
Name CVE-2009-3076
Phase Assigned(20090904)

Description

Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.

References

Source Reference
CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-48.html
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=326628
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=509413
DEBIAN DSA-1885
REDHAT RHSA-2009:1430
REDHAT RHSA-2009:1431
REDHAT RHSA-2009:1432
REDHAT RHSA-2010:0153
REDHAT RHSA-2010:0154
SUSE SUSE-SA:2009:048
BID 36343
BID 36671
OVAL oval:org.mitre.oval:def:6140
OVAL oval:org.mitre.oval:def:9306
SECTRACK 1022877
SECUNIA 36671
SECUNIA 37098
SECUNIA 36669
SECUNIA 36670
SECUNIA 36692
VUPEN ADV-2010-0650

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.