CVE-2009-0777

NameCVE-2009-0777
DescriptionMozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs576466

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceweaselsourceetch(unfixed)end-of-life
iceweaselsource(unstable)3.0.7-1low576466

Notes

[lenny] - iceweasel <no-dsa> (minor issue)
[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)

Search for package or bug name: Reporting problems