Unrated severityNVD Advisory· Published Jul 22, 2009· Updated Jun 16, 2026
CVE-2009-2472
CVE-2009-2472
Description
Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <3.0.12
- (no CPE)range: <3.0.12
cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp2:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp2:*:*:*:*:*:*
- cpe:2.3:a:suse:linux_enterprise_debuginfo:11:-:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
18- www.mozilla.org/security/announce/2009/mfsa2009-40.htmlnvdPatchVendor Advisory
- www.securityfocus.com/bid/35758nvdPatchThird Party AdvisoryVDB Entry
- www.vupen.com/english/advisories/2009/1972nvdPatchThird Party Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingPatchVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingPatchVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.htmlnvdMailing ListThird Party Advisory
- secunia.com/advisories/35914nvdThird Party Advisory
- secunia.com/advisories/35944nvdThird Party Advisory
- secunia.com/advisories/36005nvdThird Party Advisory
- secunia.com/advisories/36145nvdThird Party Advisory
- www.vupen.com/english/advisories/2009/2152nvdThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9497nvdThird Party Advisory
- www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2009-1162.htmlnvdBroken Link
- sunsolve.sun.com/search/document.donvdBroken Link
- sunsolve.sun.com/search/document.donvdBroken Link
News mentions
0No linked articles in our index yet.