CVE-2009-3008
First published: Fri Aug 28 2009(Updated: )
K-Meleon 1.5.3 allows context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| christophe thibault K-Meleon | =1.5.3 | |
| K-Meleon | =1.5.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-3008?
CVE-2009-3008 is considered a moderate security vulnerability due to its potential for spoofing attacks.
How do I fix CVE-2009-3008?
To fix CVE-2009-3008, update K-Meleon to a version that addresses this vulnerability, preferably beyond 1.5.3.
What type of attack does CVE-2009-3008 enable?
CVE-2009-3008 enables context-dependent spoofing attacks, allowing malicious content to mislead users about URLs.
Which version of K-Meleon is affected by CVE-2009-3008?
K-Meleon versions 1.5.3 are affected by CVE-2009-3008.
Can CVE-2009-3008 lead to data leakage?
Yes, CVE-2009-3008 can lead to data leakage as attackers can spoof file URLs shown in the address bar.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/christophe thibault
- canonical/christophe thibault k-meleon
- version/christophe thibault k-meleon/1.5.3
- canonical/k-meleon
- version/k-meleon/1.5.3