CVE-2009-3076 Information

Description

Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.

Reference

http://secunia.com/advisories/36669 http://secunia.com/advisories/36670 http://secunia.com/advisories/36671 http://secunia.com/advisories/36692 http://secunia.com/advisories/37098 http://www.debian.org/security/2009/dsa-1885 http://www.mozilla.org/security/announce/2009/mfsa2009-48.html http://www.novell.com/linux/security/advisories/2009_48_firefox.html http://www.redhat.com/support/errata/RHSA-2009-1430.html http://www.redhat.com/support/errata/RHSA-2009-1431.html http://www.redhat.com/support/errata/RHSA-2009-1432.html http://www.redhat.com/support/errata/RHSA-2010-0153.html http://www.redhat.com/support/errata/RHSA-2010-0154.html http://www.securityfocus.com/bid/36343 http://www.securitytracker.com/id?1022877 http://www.vupen.com/english/advisories/2010/0650 https://bugzilla.mozilla.org/show_bug.cgi?id=326628 https://bugzilla.mozilla.org/show_bug.cgi?id=509413 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6140 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9306