CVE-2009-0253

Mozilla Firefox 3.0.5 - Clickjacking via Status Bar Obfuscation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0253. PoCs published by MrDoug.

AI-analyzed exploit summary This exploit demonstrates a clickjacking vulnerability in Firefox 3.0.5 by obfuscating the status bar and tricking users into clicking a hidden div that redirects to an unintended URL.

Description

Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Status Bar Obfuscation" and "Clickjacking" attack.

Exploits (1)

exploitdb WORKING POC VERIFIED
by MrDoug · htmlremotewindows
https://www.exploit-db.com/exploits/7842

This exploit demonstrates a clickjacking vulnerability in Firefox 3.0.5 by obfuscating the status bar and tricking users into clicking a hidden div that redirects to an unintended URL.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Firefox 3.0.5
No auth needed
Prerequisites: User interaction (clicking a link)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7842
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48212
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4936

Scores

EPSS 0.0253
EPSS Percentile 82.8%

Details

Status published
Products (1)
mozilla/firefox 3.0.5
Published Jan 22, 2009
Tracked Since Feb 18, 2026