What is the severity of CVE-2009-0652?

CVE-2009-0652 has a medium severity rating due to its potential for phishing attacks through URL spoofing.

How do I fix CVE-2009-0652?

To fix CVE-2009-0652, upgrade to a version of Mozilla Firefox that is 3.0.9 or later, Thunderbird 2.0.0.21 or later, or SeaMonkey 1.1.15 or later.

Who is affected by CVE-2009-0652?

CVE-2009-0652 affects users of Mozilla Firefox versions prior to 3.0.9, Thunderbird versions before 2.0.0.21, and SeaMonkey versions prior to 1.1.15.

What kind of attacks can CVE-2009-0652 allow?

CVE-2009-0652 allows remote attackers to conduct phishing attacks by spoofing URLs using non-standard characters.

Is there a workaround for CVE-2009-0652?

While upgrading to a secure version is the best fix, users can also avoid clicking on links from untrusted sources to mitigate risks associated with CVE-2009-0652.

Vulnerability/
CVE-2009-0652

medium

5.8

CWE

NVD-CWE-Other

20/2/2009

3/10/2018

CVE-2009-0652

First published: Fri Feb 20 2009(Updated: )

The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Mozilla Firefox	<=3.0.6
Mozilla Firefox	=1.0
Mozilla Firefox	=1.0.1
Mozilla Firefox	=1.0.2
Mozilla Firefox	=1.0.3
Mozilla Firefox	=1.0.4
Mozilla Firefox	=1.0.5
Mozilla Firefox	=1.0.6
Mozilla Firefox	=1.0.7
Mozilla Firefox	=1.0.8
Mozilla Firefox	=1.5
Mozilla Firefox	=1.5.0.1
Mozilla Firefox	=1.5.0.2
Mozilla Firefox	=1.5.0.3
Mozilla Firefox	=1.5.0.4
Mozilla Firefox	=1.5.0.5
Mozilla Firefox	=1.5.0.6
Mozilla Firefox	=1.5.0.7
Mozilla Firefox	=1.5.0.8
Mozilla Firefox	=1.5.0.9
Mozilla Firefox	=1.5.0.10
Mozilla Firefox	=1.5.0.11
Mozilla Firefox	=1.5.0.12
Mozilla Firefox	=2.0
Mozilla Firefox	=2.0.0.1
Mozilla Firefox	=2.0.0.2
Mozilla Firefox	=2.0.0.3
Mozilla Firefox	=2.0.0.4
Mozilla Firefox	=2.0.0.5
Mozilla Firefox	=2.0.0.6
Mozilla Firefox	=2.0.0.7
Mozilla Firefox	=2.0.0.8
Mozilla Firefox	=2.0.0.9
Mozilla Firefox	=2.0.0.10
Mozilla Firefox	=2.0.0.11
Mozilla Firefox	=2.0.0.12
Mozilla Firefox	=2.0.0.13
Mozilla Firefox	=2.0.0.14
Mozilla Firefox	=2.0.0.15
Mozilla Firefox	=2.0.0.16
Mozilla Firefox	=2.0.0.17
Mozilla Firefox	=2.0.0.18
Mozilla Firefox	=2.0.0.19
Mozilla Firefox	=2.0.0.20
Mozilla Firefox	=3.0
Mozilla Firefox	=3.0.1
Mozilla Firefox	=3.0.2
Mozilla Firefox	=3.0.3
Mozilla Firefox	=3.0.4
Mozilla Firefox	=3.0.5
Mozilla SeaMonkey	<=1.1.14
Mozilla SeaMonkey	=1.0
Mozilla SeaMonkey	=1.0.1
Mozilla SeaMonkey	=1.0.2
Mozilla SeaMonkey	=1.0.3
Mozilla SeaMonkey	=1.0.5
Mozilla SeaMonkey	=1.0.6
Mozilla SeaMonkey	=1.0.7
Mozilla SeaMonkey	=1.0.8
Mozilla SeaMonkey	=1.0.9
Mozilla SeaMonkey	=1.1
Mozilla SeaMonkey	=1.1-alpha
Mozilla SeaMonkey	=1.1-beta
Mozilla SeaMonkey	=1.1.1
Mozilla SeaMonkey	=1.1.2
Mozilla SeaMonkey	=1.1.3
Mozilla SeaMonkey	=1.1.4
Mozilla SeaMonkey	=1.1.5
Mozilla SeaMonkey	=1.1.6
Mozilla SeaMonkey	=1.1.7
Mozilla SeaMonkey	=1.1.8
Mozilla SeaMonkey	=1.1.9
Mozilla SeaMonkey	=1.1.10
Mozilla SeaMonkey	=1.1.11
Mozilla SeaMonkey	=1.1.12
Mozilla SeaMonkey	=1.1.13
Mozilla Thunderbird	<=2.0.0.20
Mozilla Thunderbird	=2.0.0.0
Mozilla Thunderbird	=2.0.0.4
Mozilla Thunderbird	=2.0.0.5
Mozilla Thunderbird	=2.0.0.6
Mozilla Thunderbird	=2.0.0.9
Mozilla Thunderbird	=2.0.0.12
Mozilla Thunderbird	=2.0.0.14
Mozilla Thunderbird	=2.0.0.16
Mozilla Thunderbird	=2.0.0.17
Mozilla Thunderbird	=2.0.0.18
Mozilla Thunderbird	=2.0.0.19

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-0652?
CVE-2009-0652 has a medium severity rating due to its potential for phishing attacks through URL spoofing.
How do I fix CVE-2009-0652?
To fix CVE-2009-0652, upgrade to a version of Mozilla Firefox that is 3.0.9 or later, Thunderbird 2.0.0.21 or later, or SeaMonkey 1.1.15 or later.
Who is affected by CVE-2009-0652?
CVE-2009-0652 affects users of Mozilla Firefox versions prior to 3.0.9, Thunderbird versions before 2.0.0.21, and SeaMonkey versions prior to 1.1.15.
What kind of attacks can CVE-2009-0652 allow?
CVE-2009-0652 allows remote attackers to conduct phishing attacks by spoofing URLs using non-standard characters.
Is there a workaround for CVE-2009-0652?
While upgrading to a secure version is the best fix, users can also avoid clicking on links from untrusted sources to mitigate risks associated with CVE-2009-0652.

agent/references
agent/severity
agent/author
agent/weakness
agent/type
agent/event
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/mozilla
canonical/mozilla seamonkey
version/mozilla seamonkey/1.1.10
version/mozilla seamonkey/1.0.3
canonical/mozilla firefox
version/mozilla firefox/2.0.0.12
canonical/mozilla thunderbird
version/mozilla thunderbird/2.0.0.4
version/mozilla seamonkey/1.1.8
version/mozilla seamonkey/1.0.1
version/mozilla seamonkey/1.1.7
version/mozilla thunderbird/2.0.0.6
version/mozilla seamonkey/1.0.6
version/mozilla firefox/1.5.0.6
version/mozilla seamonkey/1.0.9
version/mozilla seamonkey/1.1.14
version/mozilla seamonkey/1.1.3
version/mozilla firefox/2.0.0.2
version/mozilla firefox/1.5.0.10
version/mozilla firefox/1.5.0.3
version/mozilla seamonkey/1.0
version/mozilla firefox/1.5.0.11
version/mozilla thunderbird/2.0.0.18
version/mozilla thunderbird/2.0.0.9
version/mozilla seamonkey/1.1.5
version/mozilla seamonkey/1.0.7
version/mozilla firefox/1.0.2
version/mozilla firefox/3.0.4
version/mozilla seamonkey/1.1-alpha
version/mozilla thunderbird/2.0.0.16
version/mozilla firefox/3.0.5
version/mozilla firefox/1.5
version/mozilla firefox/1.0.4
version/mozilla firefox/2.0.0.7
version/mozilla firefox/1.0.7
version/mozilla seamonkey/1.1.12
version/mozilla seamonkey/1.1
version/mozilla firefox/2.0.0.9
version/mozilla firefox/2.0.0.16
version/mozilla thunderbird/2.0.0.20
version/mozilla firefox/2.0.0.17
version/mozilla seamonkey/1.1.2
version/mozilla firefox/2.0.0.15
version/mozilla seamonkey/1.0.2
version/mozilla seamonkey/1.0.8
version/mozilla thunderbird/2.0.0.0
version/mozilla seamonkey/1.1.11
version/mozilla firefox/1.0
version/mozilla firefox/3.0.3
version/mozilla seamonkey/1.1-beta
version/mozilla seamonkey/1.1.1
version/mozilla firefox/1.5.0.7
version/mozilla thunderbird/2.0.0.12
version/mozilla firefox/2.0
version/mozilla firefox/1.0.1
version/mozilla firefox/2.0.0.14
version/mozilla seamonkey/1.0.5
version/mozilla thunderbird/2.0.0.14
version/mozilla firefox/1.5.0.8
version/mozilla firefox/2.0.0.3
version/mozilla firefox/1.5.0.9
version/mozilla thunderbird/2.0.0.17
version/mozilla firefox/1.5.0.5
version/mozilla firefox/1.5.0.12
version/mozilla firefox/2.0.0.6
version/mozilla seamonkey/1.1.6
version/mozilla firefox/3.0
version/mozilla firefox/2.0.0.11
version/mozilla firefox/1.5.0.2
version/mozilla firefox/1.0.3
version/mozilla firefox/3.0.1
version/mozilla firefox/2.0.0.4
version/mozilla firefox/2.0.0.13
version/mozilla firefox/2.0.0.18
version/mozilla firefox/3.0.6
version/mozilla firefox/2.0.0.1
version/mozilla firefox/3.0.2
version/mozilla thunderbird/2.0.0.5
version/mozilla seamonkey/1.1.9
version/mozilla seamonkey/1.1.13
version/mozilla firefox/2.0.0.20
version/mozilla firefox/2.0.0.8
version/mozilla firefox/2.0.0.19
version/mozilla firefox/1.5.0.4
version/mozilla firefox/1.5.0.1
version/mozilla firefox/1.0.5
version/mozilla firefox/2.0.0.5
version/mozilla firefox/2.0.0.10
version/mozilla thunderbird/2.0.0.19
version/mozilla firefox/1.0.6
version/mozilla seamonkey/1.1.4
version/mozilla firefox/1.0.8

CVE-2009-0652

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-0652?

How do I fix CVE-2009-0652?

Who is affected by CVE-2009-0652?

What kind of attacks can CVE-2009-0652 allow?

Is there a workaround for CVE-2009-0652?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2009-0652?

How do I fix CVE-2009-0652?

Who is affected by CVE-2009-0652?

What kind of attacks can CVE-2009-0652 allow?

Is there a workaround for CVE-2009-0652?