CVE-2009-1834

Firefox < 3.0.11 - Location Bar Spoofing via Invalid Unicode IDN Characters

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1834. PoCs published by Pavel Cvrcek.

AI-analyzed exploit summary: This is a writeup describing a URI-spoofing vulnerability in Mozilla Firefox and SeaMonkey. The vulnerability allows an attacker to spoof a URI by inserting arbitrary content, potentially misleading users into trusting a malicious site.

Description

Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Pavel Cvrcek · text · remote · linux
https://www.exploit-db.com/exploits/33039

Classification: Writeup 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Mozilla Firefox < 3.0.11, SeaMonkey < 1.1.17
No auth needed
Prerequisites: User interaction required to visit a malicious URI
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (19)

Core References
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1572
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35388
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10436
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35326
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35431
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35331
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35468
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35439
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35415
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1095.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/55162
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1820
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=503573

Scores

EPSS 0.1137
EPSS Percentile 93.7%

Details

CWE: CWE-20
Status: published
Products (45)
mozilla/firefox 0.1
mozilla/firefox 0.2
mozilla/firefox 0.3
mozilla/firefox 0.4
mozilla/firefox 0.5
mozilla/firefox 0.6
mozilla/firefox 0.6.1
mozilla/firefox 0.7
mozilla/firefox 0.7.1
mozilla/firefox 0.8
... and 35 more
Published Jun 12, 2009
Tracked Since Feb 18, 2026