CVE

Id
40438  
CVE No.
CVE-2009-3003  
Status
Candidate  
Description
Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.  
Phase
Assigned (20090828)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
444360 40438 CVE-2009-3003 MISC:http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html  View
444361 40438 CVE-2009-3003 OVAL:oval:org.mitre.oval:def:12817  View
444362 40438 CVE-2009-3003 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12817  View
444363 40438 CVE-2009-3003 SECUNIA:36334  View
444364 40438 CVE-2009-3003 URL:http://secunia.com/advisories/36334  View
444365 40438 CVE-2009-3003 XF:ie-windowopen-spoofing(53005)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
42693 JVNDB-2009-003700 Mozilla Firefox におけるアドレスバーを偽装される脆弱性 Mozilla Firefox、SeaMonkey および Flock には、アドレスバーを偽装される脆弱性が存在します。 CVE-2009-3007 40438 4.3 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-003700.html  View