Vulnerabilities > CVE-2009-3006 - Unspecified vulnerability in Maxthon Browser 2.5.3.80
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Oval
| accepted | 2010-01-04T04:01:46.519-05:00 | ||||
| class | vulnerability | ||||
| contributors |
| ||||
| definition_extensions |
| ||||
| description | Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. | ||||
| family | windows | ||||
| id | oval:org.mitre.oval:def:6437 | ||||
| status | accepted | ||||
| submitted | 2009-11-23T10:27:31.430-04:00 | ||||
| title | Maxthon Browser Address Bar Spoofing Vulnerability | ||||
| version | 21 |
References
- http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html
- http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53009
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53009
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6437
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6437