CVE-2009-3983

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
mozillafirefox
𝑥
≤ 3.0.15
mozillafirefox
0.1
mozillafirefox
0.2
mozillafirefox
0.3
mozillafirefox
0.4
mozillafirefox
0.5
mozillafirefox
0.6
mozillafirefox
0.6.1
mozillafirefox
0.7
mozillafirefox
0.7.1
mozillafirefox
0.8
mozillafirefox
0.9
mozillafirefox
0.9:rc
mozillafirefox
0.9.1
mozillafirefox
0.9.2
mozillafirefox
0.9.3
mozillafirefox
0.10
mozillafirefox
0.10.1
mozillafirefox
1.0
mozillafirefox
1.0:preview_release
mozillafirefox
1.0.1
mozillafirefox
1.0.2
mozillafirefox
1.0.3
mozillafirefox
1.0.4
mozillafirefox
1.0.5
mozillafirefox
1.0.6
mozillafirefox
1.0.7
mozillafirefox
1.0.8
mozillafirefox
1.4.1
mozillafirefox
1.5
mozillafirefox
1.5:beta1
mozillafirefox
1.5:beta2
mozillafirefox
1.5.0.1
mozillafirefox
1.5.0.2
mozillafirefox
1.5.0.3
mozillafirefox
1.5.0.4
mozillafirefox
1.5.0.5
mozillafirefox
1.5.0.6
mozillafirefox
1.5.0.7
mozillafirefox
1.5.0.8
mozillafirefox
1.5.0.9
mozillafirefox
1.5.0.10
mozillafirefox
1.5.0.11
mozillafirefox
1.5.0.12
mozillafirefox
1.5.1
mozillafirefox
1.5.2
mozillafirefox
1.5.3
mozillafirefox
1.5.4
mozillafirefox
1.5.5
mozillafirefox
1.5.6
mozillafirefox
1.5.7
mozillafirefox
1.5.8
mozillafirefox
1.8
mozillafirefox
2.0
mozillafirefox
2.0:beta_1
mozillafirefox
2.0:beta1
mozillafirefox
2.0:rc2
mozillafirefox
2.0:rc3
mozillafirefox
2.0.0.1
mozillafirefox
2.0.0.2
mozillafirefox
2.0.0.3
mozillafirefox
2.0.0.4
mozillafirefox
2.0.0.5
mozillafirefox
2.0.0.6
mozillafirefox
2.0.0.7
mozillafirefox
2.0.0.8
mozillafirefox
2.0.0.9
mozillafirefox
2.0.0.10
mozillafirefox
2.0.0.11
mozillafirefox
2.0.0.12
mozillafirefox
2.0.0.13
mozillafirefox
2.0.0.14
mozillafirefox
2.0.0.15
mozillafirefox
2.0.0.16
mozillafirefox
2.0.0.17
mozillafirefox
2.0.0.18
mozillafirefox
2.0.0.19
mozillafirefox
2.0.0.20
mozillafirefox
2.0.0.21
mozillafirefox
2.0_.1:_.1
mozillafirefox
2.0_.4:_.4
mozillafirefox
2.0_.5:_.5
mozillafirefox
2.0_.6:_.6
mozillafirefox
2.0_.7:_.7
mozillafirefox
2.0_.9:_.9
mozillafirefox
2.0_.10:_.10
mozillafirefox
2.0_8:_8
mozillafirefox
3.0
mozillafirefox
3.0:alpha
mozillafirefox
3.0:beta2
mozillafirefox
3.0:beta5
mozillafirefox
3.0.1
mozillafirefox
3.0.2
mozillafirefox
3.0.3
mozillafirefox
3.0.4
mozillafirefox
3.0.5
mozillafirefox
3.0.6
mozillafirefox
3.0.7
mozillafirefox
3.0.8
mozillafirefox
3.0.9
mozillafirefox
3.0.10
mozillafirefox
3.0.11
mozillafirefox
3.0.12
mozillafirefox
3.0.13
mozillafirefox
3.0.14
mozillafirefox
3.5.1
mozillafirefox
3.5.2
mozillafirefox
3.5.3
mozillafirefox
3.5.4
mozillafirefox
3.5.5
mozillaseamonkey
𝑥
≤ 2.0
mozillaseamonkey
1.0
mozillaseamonkey
1.0:alpha
mozillaseamonkey
1.0:beta
mozillaseamonkey
1.0.1
mozillaseamonkey
1.0.2
mozillaseamonkey
1.0.3
mozillaseamonkey
1.0.4
mozillaseamonkey
1.0.5
mozillaseamonkey
1.0.6
mozillaseamonkey
1.0.7
mozillaseamonkey
1.0.8
mozillaseamonkey
1.0.9
mozillaseamonkey
1.0.99
mozillaseamonkey
1.1
mozillaseamonkey
1.1:alpha
mozillaseamonkey
1.1:beta
mozillaseamonkey
1.1.1
mozillaseamonkey
1.1.2
mozillaseamonkey
1.1.3
mozillaseamonkey
1.1.4
mozillaseamonkey
1.1.5
mozillaseamonkey
1.1.6
mozillaseamonkey
1.1.7
mozillaseamonkey
1.1.8
mozillaseamonkey
1.1.9
mozillaseamonkey
1.1.10
mozillaseamonkey
1.1.11
mozillaseamonkey
1.1.12
mozillaseamonkey
1.1.13
mozillaseamonkey
1.1.14
mozillaseamonkey
1.1.15
mozillaseamonkey
1.1.16
mozillaseamonkey
1.1.17
mozillaseamonkey
1.5.0.8
mozillaseamonkey
1.5.0.9
mozillaseamonkey
1.5.0.10
mozillaseamonkey
2.0
mozillaseamonkey
2.0:alpha_1
mozillaseamonkey
2.0:alpha_2
mozillaseamonkey
2.0:alpha_3
mozillaseamonkey
2.0:beta_1
mozillaseamonkey
2.0:beta_2
mozillaseamonkey
2.0:rc1
mozillaseamonkey
2.0a1:a1
mozillaseamonkey
2.0a1pre:a1pre
mozillathunderbird
*
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
dne
jaunty
dne
intrepid
dne
hardy
ignored
dapper
ignored
seamonkey
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
Fixed 2.0.8+build1+nobinonly-0ubuntu0.10.04.1
released
karmic
Fixed 2.0.8+build1+nobinonly-0ubuntu0.9.10.1
released
jaunty
Fixed 2.0.8+build1+nobinonly-0ubuntu0.9.04.1
released
intrepid
ignored
hardy
Fixed 2.0.8+build1+nobinonly-0ubuntu0.8.04.1
released
dapper
dne
thunderbird
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
Fixed 2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1
released
jaunty
Fixed 2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1
released
intrepid
Fixed 2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1
released
hardy
Fixed 2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1
released
dapper
dne
xulrunner
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
ignored
jaunty
ignored
intrepid
ignored
hardy
ignored
dapper
dne
xulrunner-1.9
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
dne
jaunty
Fixed 1.9.0.16+nobinonly-0ubuntu0.9.04.1
released
intrepid
Fixed 1.9.0.16+nobinonly-0ubuntu0.8.10.1
released
hardy
Fixed 1.9.0.16+nobinonly-0ubuntu0.8.04.1
released
dapper
dne
xulrunner-1.9.1
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
Fixed 1.9.1.6+nobinonly-0ubuntu0.9.10.1
released
jaunty
Fixed 1.9.1.6+nobinonly-0ubuntu0.9.04.1
released
intrepid
dne
hardy
dne
dapper
dne
References
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://secunia.com/advisories/37699
http://secunia.com/advisories/37703
http://secunia.com/advisories/37704
http://secunia.com/advisories/37785
http://secunia.com/advisories/37813
http://secunia.com/advisories/37856
http://secunia.com/advisories/37881
http://secunia.com/advisories/38977
http://secunia.com/advisories/39001
http://securitytracker.com/id?1023340
http://securitytracker.com/id?1023341
http://www.debian.org/security/2009/dsa-1956
http://www.mozilla.org/security/announce/2009/mfsa2009-68.html
http://www.novell.com/linux/security/advisories/2009_63_firefox.html
http://www.securityfocus.com/bid/37349
http://www.securityfocus.com/bid/37366
http://www.ubuntu.com/usn/USN-873-1
http://www.ubuntu.com/usn/USN-874-1
http://www.ubuntu.com/usn/USN-915-1
http://www.vupen.com/english/advisories/2009/3547
http://www.vupen.com/english/advisories/2010/0648
https://bugzilla.mozilla.org/show_bug.cgi?id=487872
https://bugzilla.redhat.com/show_bug.cgi?id=546720
https://exchange.xforce.ibmcloud.com/vulnerabilities/54807
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10047
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8240
https://rhn.redhat.com/errata/RHSA-2009-1673.html
https://rhn.redhat.com/errata/RHSA-2009-1674.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://secunia.com/advisories/37699
http://secunia.com/advisories/37703
http://secunia.com/advisories/37704
http://secunia.com/advisories/37785
http://secunia.com/advisories/37813
http://secunia.com/advisories/37856
http://secunia.com/advisories/37881
http://secunia.com/advisories/38977
http://secunia.com/advisories/39001
http://securitytracker.com/id?1023340
http://securitytracker.com/id?1023341
http://www.debian.org/security/2009/dsa-1956
http://www.mozilla.org/security/announce/2009/mfsa2009-68.html
http://www.novell.com/linux/security/advisories/2009_63_firefox.html
http://www.securityfocus.com/bid/37349
http://www.securityfocus.com/bid/37366
http://www.ubuntu.com/usn/USN-873-1
http://www.ubuntu.com/usn/USN-874-1
http://www.ubuntu.com/usn/USN-915-1
http://www.vupen.com/english/advisories/2009/3547
http://www.vupen.com/english/advisories/2010/0648
https://bugzilla.mozilla.org/show_bug.cgi?id=487872
https://bugzilla.redhat.com/show_bug.cgi?id=546720
https://exchange.xforce.ibmcloud.com/vulnerabilities/54807
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10047
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8240
https://rhn.redhat.com/errata/RHSA-2009-1673.html
https://rhn.redhat.com/errata/RHSA-2009-1674.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html