CVE-2009-3985

MEDIUM

Description

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allow remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL and then writing arbitrary web script or HTML to the associated blank document, an issue related to CVE-2009-2654.

References

http://secunia.com/advisories/37699

http://secunia.com/advisories/37704

http://secunia.com/advisories/37785

http://secunia.com/advisories/37813

http://secunia.com/advisories/37856

http://secunia.com/advisories/37881

http://securitytracker.com/id?1023342

http://securitytracker.com/id?1023343

http://www.debian.org/security/2009/dsa-1956

http://www.mozilla.org/security/announce/2009/mfsa2009-69.html

http://www.novell.com/linux/security/advisories/2009_63_firefox.html

http://www.securityfocus.com/bid/37349

http://www.securityfocus.com/bid/37370

http://www.ubuntu.com/usn/USN-873-1

http://www.ubuntu.com/usn/USN-874-1

http://www.vupen.com/english/advisories/2009/3547

https://bugzilla.mozilla.org/show_bug.cgi?id=514232

https://bugzilla.redhat.com/show_bug.cgi?id=546726

https://exchange.xforce.ibmcloud.com/vulnerabilities/54808

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8480

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9911

https://rhn.redhat.com/errata/RHSA-2009-1674.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html

Details

Source: MITRE

Published: 2009-12-17

Updated: 2017-09-19

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM