CVE-2009-0777 Information

Description

Mozilla Firefox before 3.0.7 Thunderbird before 2.0.0.21 and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.

Reference

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html http://secunia.com/advisories/34140 http://secunia.com/advisories/34145 http://secunia.com/advisories/34272 http://securitytracker.com/alerts/2009/Mar/1021799.html http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document http://www.mandriva.com/security/advisories?name=MDVSA-2009:075 http://www.mozilla.org/security/announce/2009/mfsa2009-11.html http://www.redhat.com/support/errata/RHSA-2009-0315.html http://www.securityfocus.com/bid/33990 http://www.vupen.com/english/advisories/2009/0632 https://bugzilla.mozilla.org/show_bug.cgi?id=452979 https://exchange.xforce.ibmcloud.com/vulnerabilities/49087 mozilla-invisible-url-spoofing(49087) https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11222 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6039 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6157 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6229 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7435