CVE-2009-3985

MEDIUM

Description

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.

ID	Name	Product	Family	Severity
67975	Oracle Linux 4 / 5 : firefox (ELSA-2009-1674)	Nessus	Oracle Linux Local Security Checks	high
67974	Oracle Linux 3 / 4 : seamonkey (ELSA-2009-1673)	Nessus	Oracle Linux Local Security Checks	high
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
60709	Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
49898	SuSE 10 Security Update : XULRunner (ZYPP Patch Number 6734)	Nessus	SuSE Local Security Checks	high
49889	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6735)	Nessus	SuSE Local Security Checks	high
48162	Mandriva Linux Security Advisory : firefox (MDVSA-2009:338)	Nessus	Mandriva Local Security Checks	high
44821	Debian DSA-1956-1 : xulrunner - several vulnerabilities	Nessus	Debian Local Security Checks	high
43824	Ubuntu 9.10 : firefox-3.5, xulrunner-1.9.1 regression (USN-878-1)	Nessus	Ubuntu Local Security Checks	high
43823	Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 regression (USN-877-1)	Nessus	Ubuntu Local Security Checks	high
43619	openSUSE Security Update : seamonkey (seamonkey-1738)	Nessus	SuSE Local Security Checks	high
43399	SuSE 10 Security Update : XULRunner (ZYPP Patch Number 6736)	Nessus	SuSE Local Security Checks	high
43397	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6733)	Nessus	SuSE Local Security Checks	high
43396	openSUSE Security Update : MozillaFirefox (MozillaFirefox-1727)	Nessus	SuSE Local Security Checks	high
43395	openSUSE Security Update : MozillaFirefox (MozillaFirefox-1727)	Nessus	SuSE Local Security Checks	high
43394	Mandriva Linux Security Advisory : firefox (MDVSA-2009:339)	Nessus	Mandriva Local Security Checks	high
43388	SuSE 11 Security Update : XULRunner (SAT Patch Number 1716)	Nessus	SuSE Local Security Checks	high
43386	SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 1709)	Nessus	SuSE Local Security Checks	high
43383	openSUSE Security Update : MozillaFirefox (MozillaFirefox-1708)	Nessus	SuSE Local Security Checks	high
43367	Ubuntu 9.10 : firefox-3.5, xulrunner-1.9.1 vulnerabilities (USN-874-1)	Nessus	Ubuntu Local Security Checks	high
43366	Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-873-1)	Nessus	Ubuntu Local Security Checks	high
43356	CentOS 4 / 5 : firefox (CESA-2009:1674)	Nessus	CentOS Local Security Checks	high
43355	CentOS 4 : seamonkey (CESA-2009:1673)	Nessus	CentOS Local Security Checks	high
43339	Fedora 12 : Miro-2.5.2-7.fc12 / blam-1.8.5-21.fc12 / firefox-3.5.6-1.fc12 / galeon-2.0.7-19.fc12 / etc (2009-13366)	Nessus	Fedora Local Security Checks	high
43336	Fedora 12 : seamonkey-2.0.1-1.fc12 (2009-13362)	Nessus	Fedora Local Security Checks	high
43334	Fedora 11 : Miro-2.5.2-7.fc11 / blam-1.8.5-17.fc11 / chmsee-1.0.1-14.fc11 / epiphany-2.26.3-7.fc11 / etc (2009-13333)	Nessus	Fedora Local Security Checks	high
43176	FreeBSD : mozilla -- multiple vulnerabilities (01c57d20-ea26-11de-bd39-00248c9b4be7)	Nessus	FreeBSD Local Security Checks	high
801369	Mozilla Firefox < 3.0.16 / 3.5.6 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801360	Mozilla SeaMonkey < 2.0.1 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
43175	SeaMonkey < 2.0.1 Multiple Vulnerabilities	Nessus	Windows	high
43174	Firefox 3.5 < 3.5.6 Multiple Vulnerabilities	Nessus	Windows	high
43173	Firefox < 3.0.16 Multiple Vulnerabilities	Nessus	Windows	high
43171	RHEL 4 / 5 : firefox (RHSA-2009:1674)	Nessus	Red Hat Local Security Checks	high
43170	RHEL 3 / 4 : seamonkey (RHSA-2009:1673)	Nessus	Red Hat Local Security Checks	high
5265	SeaMonkey < 2.0.1 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
5264	Mozilla Firefox < 3.0.16 / 3.5.6 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium

CVE-2009-3985

Description

References

Details

Risk Information

CVSS v2.0