CVE-2009-3985
First published: Fri Dec 11 2009(Updated: )
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla SeaMonkey | =1.1.10 | |
| Firefox | =0.1 | |
| Mozilla SeaMonkey | =1.0.3 | |
| Firefox | =0.8 | |
| Firefox | =2.0.0.12 | |
| Firefox | =1.5-beta2 | |
| Firefox | =2.0_.7 | |
| Firefox | =3.5.3 | |
| Mozilla SeaMonkey | =1.1.8 | |
| Firefox | =3.0.7 | |
| Firefox | =1.5.2 | |
| Mozilla SeaMonkey | =1.0.1 | |
| Mozilla SeaMonkey | =1.1.7 | |
| Mozilla SeaMonkey | =1.5.0.10 | |
| Firefox | =3.0.9 | |
| Mozilla SeaMonkey | =1.0.6 | |
| Firefox | =1.5.0.6 | |
| Firefox | =1.8 | |
| Mozilla SeaMonkey | =1.0.9 | |
| Mozilla SeaMonkey | =1.1.3 | |
| Firefox | =2.0.0.2 | |
| Firefox | =1.5.0.10 | |
| Firefox | =1.5.0.3 | |
| Mozilla SeaMonkey | =2.0a1pre | |
| Mozilla SeaMonkey | =1.0 | |
| Firefox | =3.0.8 | |
| Mozilla SeaMonkey | =1.1.17 | |
| Firefox | =1.5.0.11 | |
| Firefox | =1.4.1 | |
| Mozilla SeaMonkey | =1.0.99 | |
| Firefox | =1.5.4 | |
| Mozilla SeaMonkey | =2.0-alpha_2 | |
| Mozilla SeaMonkey | =1.1.5 | |
| Mozilla SeaMonkey | =1.0.7 | |
| Firefox | =1.0.2 | |
| Mozilla SeaMonkey | =1.0-beta | |
| Firefox | =3.5.5 | |
| Firefox | =3.0.4 | |
| Firefox | =1.5-beta1 | |
| Mozilla SeaMonkey | =1.1-alpha | |
| Firefox | =2.0_8 | |
| Mozilla SeaMonkey | =2.0-alpha_3 | |
| Firefox | =3.5.4 | |
| Firefox | =2.0_.9 | |
| Firefox | =3.0.5 | |
| Mozilla SeaMonkey | =1.0-alpha | |
| Firefox | <=3.0.15 | |
| Mozilla SeaMonkey | =2.0a1 | |
| Firefox | =1.5 | |
| Firefox | =0.9.1 | |
| Firefox | =1.0.4 | |
| Firefox | =2.0.0.7 | |
| Firefox | =1.0.7 | |
| Mozilla SeaMonkey | =1.1.12 | |
| Firefox | =3.5.1 | |
| Mozilla SeaMonkey | =1.1 | |
| Firefox | =2.0.0.9 | |
| Firefox | =0.10.1 | |
| Firefox | =2.0_.1 | |
| Firefox | =3.0.14 | |
| Firefox | =3.5.2 | |
| Firefox | =0.9 | |
| Firefox | =2.0.0.16 | |
| Mozilla SeaMonkey | =1.1.14 | |
| Firefox | =3.0-beta2 | |
| Firefox | =1.5.6 | |
| Firefox | =2.0.0.17 | |
| Firefox | =0.7 | |
| Mozilla SeaMonkey | =1.1.2 | |
| Firefox | =2.0.0.15 | |
| Mozilla SeaMonkey | =2.0-beta_2 | |
| Firefox | =3.0.10 | |
| Firefox | =0.2 | |
| Mozilla SeaMonkey | =1.0.2 | |
| Mozilla SeaMonkey | =1.0.8 | |
| Firefox | =0.3 | |
| Mozilla SeaMonkey | =1.1.11 | |
| Mozilla SeaMonkey | =2.0-alpha_1 | |
| Firefox | =2.0_.10 | |
| Firefox | =3.0.12 | |
| Firefox | =1.0 | |
| Mozilla SeaMonkey | =1.5.0.9 | |
| Firefox | =3.0.3 | |
| Mozilla SeaMonkey | =1.1-beta | |
| Mozilla SeaMonkey | =1.1.1 | |
| Firefox | =1.5.0.7 | |
| Firefox | =2.0 | |
| Firefox | =1.0.1 | |
| Mozilla SeaMonkey | =1.5.0.8 | |
| Firefox | =2.0-beta1 | |
| Firefox | =2.0.0.14 | |
| Firefox | =0.6 | |
| Mozilla SeaMonkey | =1.0.5 | |
| Firefox | =0.7.1 | |
| Mozilla SeaMonkey | =1.1.15 | |
| Firefox | =3.0.6 | |
| Firefox | =1.5.0.8 | |
| Firefox | =2.0_.5 | |
| Firefox | =2.0.0.3 | |
| Firefox | =1.5.0.9 | |
| Firefox | =1.5.0.5 | |
| Firefox | =1.5.7 | |
| Firefox | =1.5.0.12 | |
| Firefox | =2.0.0.6 | |
| Mozilla SeaMonkey | =1.1.6 | |
| Firefox | =3.0 | |
| Firefox | =2.0.0.11 | |
| Firefox | =1.5.0.2 | |
| Mozilla SeaMonkey | =1.1.16 | |
| Firefox | =1.0.3 | |
| Firefox | =3.0.1 | |
| Firefox | =2.0.0.4 | |
| Firefox | =0.5 | |
| Firefox | =0.6.1 | |
| Firefox | =1.5.1 | |
| Mozilla SeaMonkey | =2.0-beta_1 | |
| Firefox | =2.0.0.21 | |
| Firefox | =0.9.3 | |
| Firefox | =2.0.0.13 | |
| Firefox | =2.0.0.18 | |
| Firefox | =2.0-rc2 | |
| Firefox | =2.0.0.1 | |
| Firefox | =3.0.2 | |
| Firefox | =2.0_.6 | |
| Firefox | =2.0_.4 | |
| Mozilla SeaMonkey | =2.0-rc1 | |
| Mozilla SeaMonkey | =1.0.4 | |
| Firefox | =1.5.5 | |
| Firefox | =0.9.2 | |
| Firefox | =1.0-preview_release | |
| Mozilla SeaMonkey | <=2.0 | |
| Firefox | =2.0-beta_1 | |
| Mozilla SeaMonkey | =1.1.9 | |
| Mozilla SeaMonkey | =1.1.13 | |
| Firefox | =2.0.0.20 | |
| Firefox | =2.0.0.8 | |
| Firefox | =3.0-beta5 | |
| Firefox | =0.9-rc | |
| Firefox | =2.0.0.19 | |
| Firefox | =1.5.8 | |
| Firefox | =1.5.3 | |
| Firefox | =0.4 | |
| Firefox | =1.5.0.4 | |
| Firefox | =1.5.0.1 | |
| Firefox | =3.0.13 | |
| Firefox | =0.10 | |
| Firefox | =1.0.5 | |
| Firefox | =2.0.0.5 | |
| Mozilla SeaMonkey | =2.0 | |
| Firefox | =2.0.0.10 | |
| Firefox | =2.0-rc3 | |
| Firefox | =3.0-alpha | |
| Firefox | =1.0.6 | |
| Mozilla SeaMonkey | =1.1.4 | |
| Firefox | =1.0.8 | |
| Firefox | =3.0.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://rhn.redhat.com/errata/RHSA-2009-1674.html
- https://bugzilla.redhat.com/show_bug.cgi?id=546726
- http://secunia.com/advisories/37699
- http://www.securityfocus.com/bid/37370
- http://securitytracker.com/id?1023343
- http://secunia.com/advisories/37785
- http://www.vupen.com/english/advisories/2009/3547
- http://www.mozilla.org/security/announce/2009/mfsa2009-69.html
- http://secunia.com/advisories/37704
- http://securitytracker.com/id?1023342
- https://bugzilla.mozilla.org/show_bug.cgi?id=514232
- http://www.securityfocus.com/bid/37349
- http://www.ubuntu.com/usn/USN-874-1
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html
- http://www.debian.org/security/2009/dsa-1956
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html
- http://www.ubuntu.com/usn/USN-873-1
- http://www.novell.com/linux/security/advisories/2009_63_firefox.html
- http://secunia.com/advisories/37813
- http://secunia.com/advisories/37856
- http://secunia.com/advisories/37881
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54808
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9911
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8480
Frequently Asked Questions
What is the severity of CVE-2009-3985?
CVE-2009-3985 is classified as a moderate severity vulnerability.
How do I fix CVE-2009-3985?
To mitigate CVE-2009-3985, upgrade to Mozilla Firefox version 3.0.16 or later, or SeaMonkey version 2.0.1 or later.
Which versions of Firefox are affected by CVE-2009-3985?
CVE-2009-3985 affects Firefox versions prior to 3.0.16 and 3.5.x before 3.5.6.
Which versions of SeaMonkey are impacted by CVE-2009-3985?
SeaMonkey versions prior to 2.0.1 are affected by CVE-2009-3985.
What type of vulnerability is CVE-2009-3985?
CVE-2009-3985 is a vulnerability that allows remote attackers to spoof content associated with an invalid URL.
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-3985
- agent/trending
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- vendor/mozilla
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.1.10
- canonical/firefox
- version/firefox/0.1
- version/mozilla seamonkey/1.0.3
- version/firefox/0.8
- version/firefox/2.0.0.12
- version/firefox/1.5-beta2
- version/firefox/2.0_.7
- version/firefox/3.5.3
- version/mozilla seamonkey/1.1.8
- version/firefox/3.0.7
- version/firefox/1.5.2
- version/mozilla seamonkey/1.0.1
- version/mozilla seamonkey/1.1.7
- version/mozilla seamonkey/1.5.0.10
- version/firefox/3.0.9
- version/mozilla seamonkey/1.0.6
- version/firefox/1.5.0.6
- version/firefox/1.8
- version/mozilla seamonkey/1.0.9
- version/mozilla seamonkey/1.1.3
- version/firefox/2.0.0.2
- version/firefox/1.5.0.10
- version/firefox/1.5.0.3
- version/mozilla seamonkey/2.0a1pre
- version/mozilla seamonkey/1.0
- version/firefox/3.0.8
- version/mozilla seamonkey/1.1.17
- version/firefox/1.5.0.11
- version/firefox/1.4.1
- version/mozilla seamonkey/1.0.99
- version/firefox/1.5.4
- version/mozilla seamonkey/2.0-alpha_2
- version/mozilla seamonkey/1.1.5
- version/mozilla seamonkey/1.0.7
- version/firefox/1.0.2
- version/mozilla seamonkey/1.0-beta
- version/firefox/3.5.5
- version/firefox/3.0.4
- version/firefox/1.5-beta1
- version/mozilla seamonkey/1.1-alpha
- version/firefox/2.0_8
- version/mozilla seamonkey/2.0-alpha_3
- version/firefox/3.5.4
- version/firefox/2.0_.9
- version/firefox/3.0.5
- version/mozilla seamonkey/1.0-alpha
- version/firefox/3.0.15
- version/mozilla seamonkey/2.0a1
- version/firefox/1.5
- version/firefox/0.9.1
- version/firefox/1.0.4
- version/firefox/2.0.0.7
- version/firefox/1.0.7
- version/mozilla seamonkey/1.1.12
- version/firefox/3.5.1
- version/mozilla seamonkey/1.1
- version/firefox/2.0.0.9
- version/firefox/0.10.1
- version/firefox/2.0_.1
- version/firefox/3.0.14
- version/firefox/3.5.2
- version/firefox/0.9
- version/firefox/2.0.0.16
- version/mozilla seamonkey/1.1.14
- version/firefox/3.0-beta2
- version/firefox/1.5.6
- version/firefox/2.0.0.17
- version/firefox/0.7
- version/mozilla seamonkey/1.1.2
- version/firefox/2.0.0.15
- version/mozilla seamonkey/2.0-beta_2
- version/firefox/3.0.10
- version/firefox/0.2
- version/mozilla seamonkey/1.0.2
- version/mozilla seamonkey/1.0.8
- version/firefox/0.3
- version/mozilla seamonkey/1.1.11
- version/mozilla seamonkey/2.0-alpha_1
- version/firefox/2.0_.10
- version/firefox/3.0.12
- version/firefox/1.0
- version/mozilla seamonkey/1.5.0.9
- version/firefox/3.0.3
- version/mozilla seamonkey/1.1-beta
- version/mozilla seamonkey/1.1.1
- version/firefox/1.5.0.7
- version/firefox/2.0
- version/firefox/1.0.1
- version/mozilla seamonkey/1.5.0.8
- version/firefox/2.0-beta1
- version/firefox/2.0.0.14
- version/firefox/0.6
- version/mozilla seamonkey/1.0.5
- version/firefox/0.7.1
- version/mozilla seamonkey/1.1.15
- version/firefox/3.0.6
- version/firefox/1.5.0.8
- version/firefox/2.0_.5
- version/firefox/2.0.0.3
- version/firefox/1.5.0.9
- version/firefox/1.5.0.5
- version/firefox/1.5.7
- version/firefox/1.5.0.12
- version/firefox/2.0.0.6
- version/mozilla seamonkey/1.1.6
- version/firefox/3.0
- version/firefox/2.0.0.11
- version/firefox/1.5.0.2
- version/mozilla seamonkey/1.1.16
- version/firefox/1.0.3
- version/firefox/3.0.1
- version/firefox/2.0.0.4
- version/firefox/0.5
- version/firefox/0.6.1
- version/firefox/1.5.1
- version/mozilla seamonkey/2.0-beta_1
- version/firefox/2.0.0.21
- version/firefox/0.9.3
- version/firefox/2.0.0.13
- version/firefox/2.0.0.18
- version/firefox/2.0-rc2
- version/firefox/2.0.0.1
- version/firefox/3.0.2
- version/firefox/2.0_.6
- version/firefox/2.0_.4
- version/mozilla seamonkey/2.0-rc1
- version/mozilla seamonkey/1.0.4
- version/firefox/1.5.5
- version/firefox/0.9.2
- version/firefox/1.0-preview_release
- version/mozilla seamonkey/2.0
- version/firefox/2.0-beta_1
- version/mozilla seamonkey/1.1.9
- version/mozilla seamonkey/1.1.13
- version/firefox/2.0.0.20
- version/firefox/2.0.0.8
- version/firefox/3.0-beta5
- version/firefox/0.9-rc
- version/firefox/2.0.0.19
- version/firefox/1.5.8
- version/firefox/1.5.3
- version/firefox/0.4
- version/firefox/1.5.0.4
- version/firefox/1.5.0.1
- version/firefox/3.0.13
- version/firefox/0.10
- version/firefox/1.0.5
- version/firefox/2.0.0.5
- version/firefox/2.0.0.10
- version/firefox/2.0-rc3
- version/firefox/3.0-alpha
- version/firefox/1.0.6
- version/mozilla seamonkey/1.1.4
- version/firefox/1.0.8
- version/firefox/3.0.11