CVE-2009-3983

MEDIUM

Description

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allow remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.

References

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

http://secunia.com/advisories/37699

http://secunia.com/advisories/37703

http://secunia.com/advisories/37704

http://secunia.com/advisories/37785

http://secunia.com/advisories/37813

http://secunia.com/advisories/37856

http://secunia.com/advisories/37881

http://secunia.com/advisories/38977

http://secunia.com/advisories/39001

http://securitytracker.com/id?1023340

http://securitytracker.com/id?1023341

http://www.debian.org/security/2009/dsa-1956

http://www.mozilla.org/security/announce/2009/mfsa2009-68.html

http://www.novell.com/linux/security/advisories/2009_63_firefox.html

http://www.securityfocus.com/bid/37349

http://www.securityfocus.com/bid/37366

http://www.ubuntu.com/usn/USN-873-1

http://www.ubuntu.com/usn/USN-874-1

http://www.ubuntu.com/usn/USN-915-1

http://www.vupen.com/english/advisories/2009/3547

http://www.vupen.com/english/advisories/2010/0648

https://bugzilla.mozilla.org/show_bug.cgi?id=487872

https://bugzilla.redhat.com/show_bug.cgi?id=546720

https://exchange.xforce.ibmcloud.com/vulnerabilities/54807

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10047

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8240

https://rhn.redhat.com/errata/RHSA-2009-1673.html

https://rhn.redhat.com/errata/RHSA-2009-1674.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html

Details

Source: MITRE

Published: 2009-12-17

Updated: 2017-09-19

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM