CVE-2009-4100
Yoono < 6.1.1 - Remote Code Execution and Cross-Domain Scripting via DOM Event Handlers
Title source: llmDescription
Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37123
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3326
Various Sources x_refsource_confirm
https://addons.mozilla.org/en-US/firefox/addons/versions/1833#version-6.1.1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54417
Various Sources x_refsource_misc
http://www.net-security.org/secworld.php?id=8527
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37468
Scores
EPSS
0.0387
EPSS Percentile
89.0%
Details
CWE
CWE-20
Status
published
Products (33)
yoono/yoono
2.0.2.474
yoono/yoono
2.0.3.564
yoono/yoono
2.0.4.641
yoono/yoono
2.1.0.743
yoono/yoono
2.2.1.1038
yoono/yoono
3.0.0.1268
yoono/yoono
3.0.0.1270
yoono/yoono
3.0.1.1388
yoono/yoono
3.0.2.1976
yoono/yoono
3.0.3.2369
... and 23 more
Published
Nov 29, 2009
Tracked Since
Feb 18, 2026