CVE-2009-3079

Firefox < 3.0.14 and 3.5.x < 3.5.3 - Remote Code Execution via FeedWriter

Title source: llm
STIX 2.1

Description

Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.

References (13)

Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36343
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1886
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2009_48_firefox.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1430.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36670
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36671
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10390
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6250
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022873
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36757
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=454363
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37098

Scores

EPSS 0.0387
EPSS Percentile 88.9%

Details

CWE
CWE-94
Status published
Products (46)
mozilla/firefox 0.1
mozilla/firefox 0.2
mozilla/firefox 0.3
mozilla/firefox 0.4
mozilla/firefox 0.5
mozilla/firefox 0.6
mozilla/firefox 0.6.1
mozilla/firefox 0.7
mozilla/firefox 0.7.1
mozilla/firefox 0.8
... and 36 more
Published Sep 10, 2009
Tracked Since Feb 18, 2026