CVE-2009-0652

EPSS 2.13% · P84 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2009-0652

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Mozilla Firefox International Domain Name Subdomain URI欺骗漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Mozilla Firefox是由Mozilla基金会与开源团体共同开发的网页浏览器。 Mozilla Firefox 3.0.6版本及其其他3.0.9之前的版本的国际化域名(IDN)黑名单; Thunderbird2.0.0.21之前的版本; 和SeaMonkey1.1.15之前的版本没有包括box-drawing字符,这会允许远程攻击者骗取URLs并执行钓鱼攻击，例如一个.cn域名中的子域的/和？字符的homoglyphs。此漏洞不同于CVE-2005-0233。注意:一些第三方指出3.0.6版本并

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2009-0652

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2009-0652

请登录查看更多情报信息。

https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdfx_refsource_MISC
http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspikex_refsource_MISC
http://www.mozilla.org/security/announce/2009/mfsa2009-15.htmlx_refsource_CONFIRM
http://secunia.com/advisories/34843third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/34096third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/35065third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/34894third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/33837vdb-entryx_refsource_BID
http://secunia.com/advisories/34844third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/35042third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2009/dsa-1830vendor-advisoryx_refsource_DEBIAN
http://www.debian.org/security/2009/dsa-1797vendor-advisoryx_refsource_DEBIAN
https://usn.ubuntu.com/764-1/vendor-advisoryx_refsource_UBUNTU
http://www.vupen.com/english/advisories/2009/1125vdb-entryx_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDVSA-2009:111vendor-advisoryx_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2009-0437.htmlvendor-advisoryx_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2009-0436.htmlvendor-advisoryx_refsource_REDHAT
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.htmlvendor-advisoryx_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.htmlvendor-advisoryx_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11396vdb-entrysignaturex_refsource_OVAL
http://lists.immunitysec.com/pipermail/dailydave/2009-February/005556.htmlmailing-listx_refsource_MLIST
http://lists.immunitysec.com/pipermail/dailydave/2009-February/005563.htmlmailing-listx_refsource_MLIST
https://exchange.xforce.ibmcloud.com/vulnerabilities/48974vdb-entryx_refsource_XF
https://nvd.nist.gov/vuln/detail/CVE-2009-0652

Same Patch Batch · n/a · 2009-02-20 · 51 CVEs total

CVE-2008-6203		Jakob-Persson CoBaLT 'adminler.asp' SQL注入漏洞
CVE-2008-6209		Vastal Software Zone 'view_product.php' SQL注入漏洞
CVE-2008-6195		LANDesk Management Suite 服务PXE TFTP 目录遍历漏洞
CVE-2008-6196		Philippe CROCHAT EasySite 多个远程文件包含漏洞
CVE-2008-6197		KwsPHP Galerie Module "id_gal" Parameter SQL注入漏洞
CVE-2008-6198		Mybboard MyBB Custom Pages模块 "pages" 参数 SQL注入漏洞
CVE-2008-6199		2532gigs权限许可和访问控制问题漏洞
CVE-2008-6212		Php-Stats "admin.php" 多个跨站脚本攻击漏洞
CVE-2008-6205		Xaaaaav38 URLStreet 'seeurl.php'跨站脚本攻击漏洞
CVE-2008-6204		SuperNET Shop 多个远程文件SQL注入漏洞
CVE-2008-6206		RobotStats 多个远程文件包含漏洞
CVE-2008-6202		Jakob-Persson CoBaLT SQL注入漏洞
CVE-2008-6201		KwsPHP Eskuel Module "help.php" 目录遍历漏洞
CVE-2008-6200		Wiki Swiki多个跨站脚本攻击漏洞
CVE-2008-6219		EMC NetWorker产品nsrexecd.exe RPC请求拒绝服务漏洞
CVE-2008-6218		Libpng库png_handle_tEXt()内存泄露漏洞
CVE-2008-6217		Extrakt Framework "index.php" 跨站脚本攻击漏洞
CVE-2008-6216		Venalsur Booking Centre 'cadena_ofertas_ext.php' SQL注入"漏洞
CVE-2008-6215		Venalsur Booking Centre 'cadena_ofertas_ext.php'跨站脚本攻击漏洞
CVE-2008-6214		Harlandscripts Pro Traffic One "poll_results.php" SQL注入漏洞

Showing top 20 of 51 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2009-0652

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2009-0652

I. Basic Information for CVE-2009-0652

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2009-0652

III. Intelligence Information for CVE-2009-0652

Same Patch Batch · n/a · 2009-02-20 · 51 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2009-0652

Leave a comment