CVE-2009-3985

medium

Description

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.

References

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html

https://rhn.redhat.com/errata/RHSA-2009-1674.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9911

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8480

https://exchange.xforce.ibmcloud.com/vulnerabilities/54808

https://bugzilla.redhat.com/show_bug.cgi?id=546726

https://bugzilla.mozilla.org/show_bug.cgi?id=514232

http://www.vupen.com/english/advisories/2009/3547

http://www.ubuntu.com/usn/USN-874-1

http://www.ubuntu.com/usn/USN-873-1

http://www.securityfocus.com/bid/37370

http://www.securityfocus.com/bid/37349

http://www.novell.com/linux/security/advisories/2009_63_firefox.html

http://www.mozilla.org/security/announce/2009/mfsa2009-69.html

http://www.debian.org/security/2009/dsa-1956

http://securitytracker.com/id?1023343

http://securitytracker.com/id?1023342

http://secunia.com/advisories/37881

http://secunia.com/advisories/37856

http://secunia.com/advisories/37813

http://secunia.com/advisories/37785

http://secunia.com/advisories/37704

http://secunia.com/advisories/37699

Details

Source: Mitre, NVD

Published: 2009-12-17

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Severity: Medium