CVE-2009-4100
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
29/11/2009
Last modified:
09/04/2025
Description
Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload.
Impact
Base Score 2.0
9.30
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:yoono:yoono:*:*:*:*:*:*:*:* | 6.1.0 (including) | |
cpe:2.3:a:yoono:yoono:2.0.2.474:*:*:*:*:*:*:* | ||
cpe:2.3:a:yoono:yoono:2.0.3.564:*:*:*:*:*:*:* | ||
cpe:2.3:a:yoono:yoono:2.0.4.641:*:*:*:*:*:*:* | ||
cpe:2.3:a:yoono:yoono:2.1.0.743:*:*:*:*:*:*:* | ||
cpe:2.3:a:yoono:yoono:2.2.1.1038:*:*:*:*:*:*:* | ||
cpe:2.3:a:yoono:yoono:3.0.0.1268:*:*:*:*:*:*:* | ||
cpe:2.3:a:yoono:yoono:3.0.0.1270:*:*:*:*:*:*:* | ||
cpe:2.3:a:yoono:yoono:3.0.1.1388:*:*:*:*:*:*:* | ||
cpe:2.3:a:yoono:yoono:3.0.2.1976:*:*:*:*:*:*:* | ||
cpe:2.3:a:yoono:yoono:3.0.3.2369:*:*:*:*:*:*:* | ||
cpe:2.3:a:yoono:yoono:3.0.4.2469:*:*:*:*:*:*:* | ||
cpe:2.3:a:yoono:yoono:3.0.5.2626:*:*:*:*:*:*:* | ||
cpe:2.3:a:yoono:yoono:3.0.6.2723:*:*:*:*:*:*:* | ||
cpe:2.3:a:yoono:yoono:3.1.0.2898:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/37468
- http://www.net-security.org/secworld.php?id=8527
- http://www.securityfocus.com/bid/37123
- http://www.vupen.com/english/advisories/2009/3326
- https://addons.mozilla.org/en-US/firefox/addons/versions/1833#version-6.1.1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54417
- http://secunia.com/advisories/37468
- http://www.net-security.org/secworld.php?id=8527
- http://www.securityfocus.com/bid/37123
- http://www.vupen.com/english/advisories/2009/3326
- https://addons.mozilla.org/en-US/firefox/addons/versions/1833#version-6.1.1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54417