CVE-2009-4100

Yoono < 6.1.1 - Remote Code Execution and Cross-Domain Scripting via DOM Event Handlers

Title source: llm
STIX 2.1

Description

Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37123
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3326
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54417
Various Sources x_refsource_misc
http://www.net-security.org/secworld.php?id=8527
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37468

Scores

EPSS 0.0387
EPSS Percentile 89.0%

Details

CWE
CWE-20
Status published
Products (33)
yoono/yoono 2.0.2.474
yoono/yoono 2.0.3.564
yoono/yoono 2.0.4.641
yoono/yoono 2.1.0.743
yoono/yoono 2.2.1.1038
yoono/yoono 3.0.0.1268
yoono/yoono 3.0.0.1270
yoono/yoono 3.0.1.1388
yoono/yoono 3.0.2.1976
yoono/yoono 3.0.3.2369
... and 23 more
Published Nov 29, 2009
Tracked Since Feb 18, 2026