CVE-2009-2654

Mozilla Firefox <3.0.13, 3.5.x <3.5.2 - Address Bar Spoofing


Exploitation Summary

EIP tracks one public exploit for CVE-2009-2654, a PoC published by Juan Pablo Lopez Yacubian.

AI-analyzed exploit summary: The PoC demonstrates address-bar (URI) spoofing in Mozilla Firefox. It calls window.open with a URL containing a long run of spaces, which pushes the real domain out of view in the address bar, then writes arbitrary content into the new window, so the displayed URI no longer matches the page content. A victim can be misled into trusting a malicious page as if it were the spoofed site.

Description

Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page.

Exploits (1)

Exploit-DB (working PoC, verified)
by Juan Pablo Lopez Yacubian · html · remote · linux
https://www.exploit-db.com/exploits/33103


Classification
Working PoC: 90%
Attack type: Other (address-bar spoofing, usable for phishing)
Complexity: Trivial
Reliability: Reliable
Target: Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2
Authentication: none required
Prerequisites: victim must open a crafted link · victim must be running a vulnerable Firefox version
Analyzed by devstral-2 on Feb 16, 2026
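The affected range above has two separate fix points (3.0.13 on the 3.0 line, 3.5.2 on the 3.5 line), which is easy to get wrong in a single "less than" check. The following is an added example, not code from the CVE record, the Exploit-DB PoC or Mozilla: it classifies Firefox User-Agent strings against that range and runs the check over constructed Apache-style log lines. The version boundaries come from the description on this page; the log lines, IP addresses and build IDs are constructed sample input, and treating a pre-release such as "3.5b4" as its base version is an assumption, since the record lists no betas.

```javascript
// Added example: triage Firefox User-Agent strings against the CVE-2009-2654
// affected range ("before 3.0.13, and 3.5.x before 3.5.2" per the description).
// Not from the CVE record, the EDB PoC or Mozilla. All inputs are constructed.
// Caveat: a User-Agent is client-supplied and trivially spoofed, so this is a
// triage aid for web-server or proxy logs, not an enforceable control.

// Fixed versions per branch, taken from the description on this page.
const FIXED_3_0 = [3, 0, 13]; // 3.0 branch (and everything older) fixed here
const FIXED_3_5 = [3, 5, 2];  // 3.5 branch fixed here

// Extract "Firefox/X.Y[.Z]" from a UA string as [X, Y, Z]; Z defaults to 0.
// A pre-release suffix such as "3.5b4" is ignored, so the beta is treated as
// the base version it predates (an assumption; the record lists no betas).
function parseFirefoxVersion(ua) {
  const m = /\bFirefox\/(\d+)\.(\d+)(?:\.(\d+))?/.exec(ua);
  if (!m) return null;
  return [Number(m[1]), Number(m[2]), m[3] === undefined ? 0 : Number(m[3])];
}

// Lexicographic compare of two [major, minor, patch] triples.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns "vulnerable", "not-affected", or "not-firefox".
// The 3.5 branch has its own fix version, which is why a plain "< 3.0.13"
// test would wrongly mark 3.5.0 and 3.5.1 as safe.
function classify(ua) {
  const v = parseFirefoxVersion(ua);
  if (v === null) return "not-firefox";
  if (v[0] === 3 && v[1] === 5) {
    return compareVersions(v, FIXED_3_5) < 0 ? "vulnerable" : "not-affected";
  }
  return compareVersions(v, FIXED_3_0) < 0 ? "vulnerable" : "not-affected";
}

// Run the check over log lines (assumed Apache combined format, where the UA
// is the last double-quoted field) and return one verdict per line.
function triageLog(lines) {
  return lines.map((line) => {
    const fields = line.match(/"([^"]*)"/g) || [];
    const ua = fields.length ? fields[fields.length - 1].slice(1, -1) : "";
    return { ua, verdict: classify(ua) };
  });
}

// Count how many lines come from a browser in the affected range.
function countVulnerable(lines) {
  return triageLog(lines).filter((r) => r.verdict === "vulnerable").length;
}

// Constructed sample log lines (not real traffic).
const SAMPLE_LOG = [
  '203.0.113.5 - - [20/Aug/2009:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1"',
  '203.0.113.6 - - [20/Aug/2009:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2"',
  '203.0.113.7 - - [20/Aug/2009:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.12) Gecko/2009070811 Firefox/3.0.12"',
  '203.0.113.8 - - [20/Aug/2009:10:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.13) Gecko/2009073021 Firefox/3.0.13"',
  '203.0.113.9 - - [20/Aug/2009:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0 Safari/537.36"',
];

for (const r of triageLog(SAMPLE_LOG)) {
  console.log(r.verdict.padEnd(13), r.ua);
}
```

Run with node; of the five constructed lines, the 3.5.1 and 3.0.12 clients are flagged and 3.5.2 and 3.0.13 are not, which is the boundary behaviour the two fix versions require. Because the User-Agent is attacker-controlled, use the result to prioritise patch follow-up, not to grant or deny anything.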

References (26)

Patch, Vendor Advisory (VUPEN): http://www.vupen.com/english/advisories/2009/2142
Vendor Advisory (Secunia): http://secunia.com/advisories/36141
Patch, Vendor Advisory (VUPEN): http://www.vupen.com/english/advisories/2009/2006
Third Party Advisory, VDB Entry (Bugtraq mailing list): http://www.securityfocus.com/archive/1/505265
Vendor Advisory (Red Hat): http://www.redhat.com/support/errata/RHSA-2009-1430.html
Vendor Advisory (Sun Alert): http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1
Issue Tracking (Mozilla Bugzilla): https://bugzilla.mozilla.org/show_bug.cgi?id=451898
Vendor Advisory (Secunia): http://secunia.com/advisories/36001
Vendor Advisory (Ubuntu): https://usn.ubuntu.com/811-1/
Exploit, Patch (SecurityFocus BID): http://www.securityfocus.com/bid/35803
Third Party Advisory (Secunia): http://secunia.com/advisories/36670
Third Party Advisory (Secunia): http://secunia.com/advisories/36669
Third Party Advisory, VDB Entry (OVAL): https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9686
Vendor Advisory (Secunia): http://secunia.com/advisories/36126
Vendor Advisory (Red Hat): http://www.redhat.com/support/errata/RHSA-2009-1432.html
Patch, Vendor Advisory (Mozilla): http://www.mozilla.org/security/announce/2009/mfsa2009-44.html
Exploit (Bugtraq mailing list): http://www.securityfocus.com/archive/1/505242/30/0/threaded
Third Party Advisory, VDB Entry (OSVDB): http://osvdb.org/56717
Third Party Advisory, VDB Entry (SecurityTracker): http://www.securitytracker.com/id?1022603
Third Party Advisory (Debian): http://www.debian.org/security/2009/dsa-1873
Vendor Advisory (Red Hat): http://www.redhat.com/support/errata/RHSA-2009-1431.html
Vendor Advisory (Secunia): http://secunia.com/advisories/36435

Scores

EPSS score: 0.0474 (90.7th percentile)

Details

CWE: CWE-20 (Improper Input Validation)
Status: published
Products (46)
mozilla/firefox 0.1
mozilla/firefox 0.2
mozilla/firefox 0.3
mozilla/firefox 0.4
mozilla/firefox 0.5
mozilla/firefox 0.6
mozilla/firefox 0.6.1
mozilla/firefox 0.7
mozilla/firefox 0.7.1
mozilla/firefox 0.8
... and 36 more
Published Aug 03, 2009
Tracked Since Feb 18, 2026