CVE-2009-3985

EUVD-2009-3956
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
𝑥
≤ 3.0.15
mozillafirefox
0.1
mozillafirefox
0.2
mozillafirefox
0.3
mozillafirefox
0.4
mozillafirefox
0.5
mozillafirefox
0.6
mozillafirefox
0.6.1
mozillafirefox
0.7
mozillafirefox
0.7.1
mozillafirefox
0.8
mozillafirefox
0.9
mozillafirefox
0.9:rc
mozillafirefox
0.9.1
mozillafirefox
0.9.2
mozillafirefox
0.9.3
mozillafirefox
0.10
mozillafirefox
0.10.1
mozillafirefox
1.0
mozillafirefox
1.0:preview_release
mozillafirefox
1.0.1
mozillafirefox
1.0.2
mozillafirefox
1.0.3
mozillafirefox
1.0.4
mozillafirefox
1.0.5
mozillafirefox
1.0.6
mozillafirefox
1.0.7
mozillafirefox
1.0.8
mozillafirefox
1.4.1
mozillafirefox
1.5
mozillafirefox
1.5:beta1
mozillafirefox
1.5:beta2
mozillafirefox
1.5.0.1
mozillafirefox
1.5.0.2
mozillafirefox
1.5.0.3
mozillafirefox
1.5.0.4
mozillafirefox
1.5.0.5
mozillafirefox
1.5.0.6
mozillafirefox
1.5.0.7
mozillafirefox
1.5.0.8
mozillafirefox
1.5.0.9
mozillafirefox
1.5.0.10
mozillafirefox
1.5.0.11
mozillafirefox
1.5.0.12
mozillafirefox
1.5.1
mozillafirefox
1.5.2
mozillafirefox
1.5.3
mozillafirefox
1.5.4
mozillafirefox
1.5.5
mozillafirefox
1.5.6
mozillafirefox
1.5.7
mozillafirefox
1.5.8
mozillafirefox
1.8
mozillafirefox
2.0
mozillafirefox
2.0:beta_1
mozillafirefox
2.0:beta1
mozillafirefox
2.0:rc2
mozillafirefox
2.0:rc3
mozillafirefox
2.0.0.1
mozillafirefox
2.0.0.2
mozillafirefox
2.0.0.3
mozillafirefox
2.0.0.4
mozillafirefox
2.0.0.5
mozillafirefox
2.0.0.6
mozillafirefox
2.0.0.7
mozillafirefox
2.0.0.8
mozillafirefox
2.0.0.9
mozillafirefox
2.0.0.10
mozillafirefox
2.0.0.11
mozillafirefox
2.0.0.12
mozillafirefox
2.0.0.13
mozillafirefox
2.0.0.14
mozillafirefox
2.0.0.15
mozillafirefox
2.0.0.16
mozillafirefox
2.0.0.17
mozillafirefox
2.0.0.18
mozillafirefox
2.0.0.19
mozillafirefox
2.0.0.20
mozillafirefox
2.0.0.21
mozillafirefox
2.0_.1:_.1
mozillafirefox
2.0_.4:_.4
mozillafirefox
2.0_.5:_.5
mozillafirefox
2.0_.6:_.6
mozillafirefox
2.0_.7:_.7
mozillafirefox
2.0_.9:_.9
mozillafirefox
2.0_.10:_.10
mozillafirefox
2.0_8:_8
mozillafirefox
3.0
mozillafirefox
3.0:alpha
mozillafirefox
3.0:beta2
mozillafirefox
3.0:beta5
mozillafirefox
3.0.1
mozillafirefox
3.0.2
mozillafirefox
3.0.3
mozillafirefox
3.0.4
mozillafirefox
3.0.5
mozillafirefox
3.0.6
mozillafirefox
3.0.7
mozillafirefox
3.0.8
mozillafirefox
3.0.9
mozillafirefox
3.0.10
mozillafirefox
3.0.11
mozillafirefox
3.0.12
mozillafirefox
3.0.13
mozillafirefox
3.0.14
mozillafirefox
3.5.1
mozillafirefox
3.5.2
mozillafirefox
3.5.3
mozillafirefox
3.5.4
mozillafirefox
3.5.5
mozillaseamonkey
𝑥
≤ 2.0
mozillaseamonkey
1.0
mozillaseamonkey
1.0:alpha
mozillaseamonkey
1.0:beta
mozillaseamonkey
1.0.1
mozillaseamonkey
1.0.2
mozillaseamonkey
1.0.3
mozillaseamonkey
1.0.4
mozillaseamonkey
1.0.5
mozillaseamonkey
1.0.6
mozillaseamonkey
1.0.7
mozillaseamonkey
1.0.8
mozillaseamonkey
1.0.9
mozillaseamonkey
1.0.99
mozillaseamonkey
1.1
mozillaseamonkey
1.1:alpha
mozillaseamonkey
1.1:beta
mozillaseamonkey
1.1.1
mozillaseamonkey
1.1.2
mozillaseamonkey
1.1.3
mozillaseamonkey
1.1.4
mozillaseamonkey
1.1.5
mozillaseamonkey
1.1.6
mozillaseamonkey
1.1.7
mozillaseamonkey
1.1.8
mozillaseamonkey
1.1.9
mozillaseamonkey
1.1.10
mozillaseamonkey
1.1.11
mozillaseamonkey
1.1.12
mozillaseamonkey
1.1.13
mozillaseamonkey
1.1.14
mozillaseamonkey
1.1.15
mozillaseamonkey
1.1.16
mozillaseamonkey
1.1.17
mozillaseamonkey
1.5.0.8
mozillaseamonkey
1.5.0.9
mozillaseamonkey
1.5.0.10
mozillaseamonkey
2.0
mozillaseamonkey
2.0:alpha_1
mozillaseamonkey
2.0:alpha_2
mozillaseamonkey
2.0:alpha_3
mozillaseamonkey
2.0:beta_1
mozillaseamonkey
2.0:beta_2
mozillaseamonkey
2.0:rc1
mozillaseamonkey
2.0a1:a1
mozillaseamonkey
2.0a1pre:a1pre
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
dapper
ignored
hardy
ignored
intrepid
dne
jaunty
dne
karmic
dne
lucid
not-affected
seamonkey
dapper
dne
hardy
Fixed 2.0.8+build1+nobinonly-0ubuntu0.8.04.1
released
intrepid
ignored
jaunty
Fixed 2.0.8+build1+nobinonly-0ubuntu0.9.04.1
released
karmic
Fixed 2.0.8+build1+nobinonly-0ubuntu0.9.10.1
released
lucid
Fixed 2.0.8+build1+nobinonly-0ubuntu0.10.04.1
released
xulrunner-1.9
dapper
dne
hardy
Fixed 1.9.0.16+nobinonly-0ubuntu0.8.04.1
released
intrepid
Fixed 1.9.0.16+nobinonly-0ubuntu0.8.10.1
released
jaunty
Fixed 1.9.0.16+nobinonly-0ubuntu0.9.04.1
released
karmic
dne
lucid
dne
xulrunner-1.9.1
dapper
dne
hardy
dne
intrepid
dne
jaunty
Fixed 1.9.1.6+nobinonly-0ubuntu0.9.04.1
released
karmic
Fixed 1.9.1.6+nobinonly-0ubuntu0.9.10.1
released
lucid
dne
References
http://secunia.com/advisories/37699
http://secunia.com/advisories/37704
http://secunia.com/advisories/37785
http://secunia.com/advisories/37813
http://secunia.com/advisories/37856
http://secunia.com/advisories/37881
http://securitytracker.com/id?1023342
http://securitytracker.com/id?1023343
http://www.debian.org/security/2009/dsa-1956
http://www.mozilla.org/security/announce/2009/mfsa2009-69.html
http://www.novell.com/linux/security/advisories/2009_63_firefox.html
http://www.securityfocus.com/bid/37349
http://www.securityfocus.com/bid/37370
http://www.ubuntu.com/usn/USN-873-1
http://www.ubuntu.com/usn/USN-874-1
http://www.vupen.com/english/advisories/2009/3547
https://bugzilla.mozilla.org/show_bug.cgi?id=514232
https://bugzilla.redhat.com/show_bug.cgi?id=546726
https://exchange.xforce.ibmcloud.com/vulnerabilities/54808
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8480
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9911
https://rhn.redhat.com/errata/RHSA-2009-1674.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html
http://secunia.com/advisories/37699
http://secunia.com/advisories/37704
http://secunia.com/advisories/37785
http://secunia.com/advisories/37813
http://secunia.com/advisories/37856
http://secunia.com/advisories/37881
http://securitytracker.com/id?1023342
http://securitytracker.com/id?1023343
http://www.debian.org/security/2009/dsa-1956
http://www.mozilla.org/security/announce/2009/mfsa2009-69.html
http://www.novell.com/linux/security/advisories/2009_63_firefox.html
http://www.securityfocus.com/bid/37349
http://www.securityfocus.com/bid/37370
http://www.ubuntu.com/usn/USN-873-1
http://www.ubuntu.com/usn/USN-874-1
http://www.vupen.com/english/advisories/2009/3547
https://bugzilla.mozilla.org/show_bug.cgi?id=514232
https://bugzilla.redhat.com/show_bug.cgi?id=546726
https://exchange.xforce.ibmcloud.com/vulnerabilities/54808
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8480
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9911
https://rhn.redhat.com/errata/RHSA-2009-1674.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html