{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-11-25T00:00:00", "descriptions": [{"lang": "en", "value": "Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "37123", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/37123"}, {"name": "ADV-2009-3326", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3326"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://addons.mozilla.org/en-US/firefox/addons/versions/1833#version-6.1.1"}, {"name": "yoonoo-domevent-xss(54417)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54417"}, {"tags": ["x_refsource_MISC"], "url": "http://www.net-security.org/secworld.php?id=8527"}, {"name": "37468", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37468"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4100", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "37123", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37123"}, {"name": "ADV-2009-3326", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3326"}, {"name": "https://addons.mozilla.org/en-US/firefox/addons/versions/1833#version-6.1.1", "refsource": "CONFIRM", "url": "https://addons.mozilla.org/en-US/firefox/addons/versions/1833#version-6.1.1"}, {"name": "yoonoo-domevent-xss(54417)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54417"}, {"name": "http://www.net-security.org/secworld.php?id=8527", "refsource": "MISC", "url": "http://www.net-security.org/secworld.php?id=8527"}, {"name": "37468", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37468"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:54:10.101Z"}, "title": "CVE Program Container", "references": [{"name": "37123", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/37123"}, {"name": "ADV-2009-3326", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3326"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://addons.mozilla.org/en-US/firefox/addons/versions/1833#version-6.1.1"}, {"name": "yoonoo-domevent-xss(54417)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54417"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.net-security.org/secworld.php?id=8527"}, {"name": "37468", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37468"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4100", "datePublished": "2009-11-28T11:00:00", "dateReserved": "2009-11-28T00:00:00", "dateUpdated": "2024-08-07T06:54:10.101Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yoono:yoono:*:*:*:*:*:*:*:*", "matchCriteriaId": "8672C9E4-520C-40F2-9BA1-17292AA2D2FC", "versionEndIncluding": "6.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:2.0.2.474:*:*:*:*:*:*:*", "matchCriteriaId": "13A7E116-AF8A-44FE-BB59-D7F5C960D380", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:2.0.3.564:*:*:*:*:*:*:*", "matchCriteriaId": "E291D7B2-78FE-4AC4-AEB3-25D6DF64FD57", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:2.0.4.641:*:*:*:*:*:*:*", "matchCriteriaId": "8E52E7CE-17E6-4236-BF11-71DDE7929DB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:2.1.0.743:*:*:*:*:*:*:*", "matchCriteriaId": "02D5A3E7-56BE-4E73-8C52-43337C0D935D", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:2.2.1.1038:*:*:*:*:*:*:*", "matchCriteriaId": "9194EA29-A019-448F-BFD7-4D15861CFF2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:3.0.0.1268:*:*:*:*:*:*:*", "matchCriteriaId": "93998252-0AA7-47B7-B72C-6962FD7E7168", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:3.0.0.1270:*:*:*:*:*:*:*", "matchCriteriaId": "EB5BDDF4-F63B-4F4D-9655-66362520F2E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:3.0.1.1388:*:*:*:*:*:*:*", "matchCriteriaId": "102261B7-7AC2-497D-A393-4A029C972213", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:3.0.2.1976:*:*:*:*:*:*:*", "matchCriteriaId": "2BFB3765-38C6-4474-924E-613324530C44", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:3.0.3.2369:*:*:*:*:*:*:*", "matchCriteriaId": "DBB9BCAE-02DA-4E2C-930F-270F3F48E792", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:3.0.4.2469:*:*:*:*:*:*:*", "matchCriteriaId": "E6028C4A-C0AF-4497-8C96-C7EE975C9D8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:3.0.5.2626:*:*:*:*:*:*:*", "matchCriteriaId": "5FCEE47D-CD03-4E80-9C81-8C28062B4787", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:3.0.6.2723:*:*:*:*:*:*:*", "matchCriteriaId": "273F0B0E-D171-405B-B421-B185A97C6A46", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:3.1.0.2898:*:*:*:*:*:*:*", "matchCriteriaId": "D557BFE2-BFDE-479B-89AB-21EE49DD8EF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:3.1.1.2999:*:*:*:*:*:*:*", "matchCriteriaId": "155BC363-9577-424E-BDA5-A8F0A267A1E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:4.0.0.4529:*:*:*:*:*:*:*", "matchCriteriaId": "92AFCCC9-A7F2-4E45-975B-A253B4C78413", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:4.0.1.4774:*:*:*:*:*:*:*", "matchCriteriaId": "6EE75F46-55B5-4DCC-98B1-B3BFC2F7B462", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:4.0.2.5149:*:*:*:*:*:*:*", "matchCriteriaId": "F3276A3D-C603-4187-9981-68AF84836DA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:4.0.3.5488:*:*:*:*:*:*:*", "matchCriteriaId": "152D0A1C-CCF0-4238-B505-57CD8C0E2815", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:5.0.1.11511_11520:*:*:*:*:*:*:*", "matchCriteriaId": "9225E5EA-B2D5-4E9B-BA5E-36419D43ACC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AC0F04B1-CEAD-4C86-AFAE-366379AB72BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "823A7319-A550-476B-9E52-6D27C3162953", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FC77C93B-F28E-49C5-A4B5-46D4C98C57BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "59BE93A6-E997-4304-9BB2-1B41E1C52875", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CAD2A4DA-D209-4F64-A233-9C49433235C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:5.0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "505F95F9-B873-4218-BEBB-394351EE4ECF", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2A0736D-283C-4ECB-9A8E-82CEC7A008CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B652DE4B-4A39-487C-B7C9-3EFAE812C462", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6EF27FB-4DD9-4CDD-9CF9-A075C9B3D856", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "CBBAC4E7-7349-4AE6-9142-02C91A62E4E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "790D2BD3-8360-4B79-A4A0-2830B979BA68", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoono:yoono:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7037DC76-925C-43EF-9F88-3E2A6349C3EC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload."}, {"lang": "es", "value": "La extensi\u00f3n Yoono anterior a versi\u00f3n 6.1.1 para Firefox, realiza ciertas operaciones con privilegios de Chrome, que permite a los atacantes remotos asistidos por el usuario para ejecutar comandos arbitrarios y realizar ataques de tipo cross-domain scripting por medio de manejadores de eventos DOM tal y como onload."}], "evaluatorImpact": "Per info from the following advisory: \r\n\r\nhttp://www.net-security.org/secworld.php?id=8527\r\n\r\nRaised the score to CIA:complete\r\n\r\n\r\nNVD received information from Yoono development team on December 4, 2009 that the affected versions are in fact 6.1.0 and previous.  NVD adjusted affected versions accordingly because of this new information.", "evaluatorSolution": "NVD received information from Yoono development team on December 4, 2009 that the fixed version is in fact 6.1.1.  A patch can be found at the following URL:\r\n\r\nhttps://addons.mozilla.org/en-US/firefox/addons/versions/1833\r\n\r\n\r\n", "id": "CVE-2009-4100", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-11-29T13:08:29.390", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37468"}, {"source": "cve@mitre.org", "url": "http://www.net-security.org/secworld.php?id=8527"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37123"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3326"}, {"source": "cve@mitre.org", "url": "https://addons.mozilla.org/en-US/firefox/addons/versions/1833#version-6.1.1"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54417"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37468"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.net-security.org/secworld.php?id=8527"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37123"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3326"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://addons.mozilla.org/en-US/firefox/addons/versions/1833#version-6.1.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54417"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}