CVE-2009-3985
First published: Fri Dec 11 2009(Updated: )
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <=3.0.15 | |
| Mozilla Firefox | =0.1 | |
| Mozilla Firefox | =0.2 | |
| Mozilla Firefox | =0.3 | |
| Mozilla Firefox | =0.4 | |
| Mozilla Firefox | =0.5 | |
| Mozilla Firefox | =0.6 | |
| Mozilla Firefox | =0.6.1 | |
| Mozilla Firefox | =0.7 | |
| Mozilla Firefox | =0.7.1 | |
| Mozilla Firefox | =0.8 | |
| Mozilla Firefox | =0.9 | |
| Mozilla Firefox | =0.9-rc | |
| Mozilla Firefox | =0.9.1 | |
| Mozilla Firefox | =0.9.2 | |
| Mozilla Firefox | =0.9.3 | |
| Mozilla Firefox | =0.10 | |
| Mozilla Firefox | =0.10.1 | |
| Mozilla Firefox | =1.0 | |
| Mozilla Firefox | =1.0-preview_release | |
| Mozilla Firefox | =1.0.1 | |
| Mozilla Firefox | =1.0.2 | |
| Mozilla Firefox | =1.0.3 | |
| Mozilla Firefox | =1.0.4 | |
| Mozilla Firefox | =1.0.5 | |
| Mozilla Firefox | =1.0.6 | |
| Mozilla Firefox | =1.0.7 | |
| Mozilla Firefox | =1.0.8 | |
| Mozilla Firefox | =1.4.1 | |
| Mozilla Firefox | =1.5 | |
| Mozilla Firefox | =1.5-beta1 | |
| Mozilla Firefox | =1.5-beta2 | |
| Mozilla Firefox | =1.5.0.1 | |
| Mozilla Firefox | =1.5.0.2 | |
| Mozilla Firefox | =1.5.0.3 | |
| Mozilla Firefox | =1.5.0.4 | |
| Mozilla Firefox | =1.5.0.5 | |
| Mozilla Firefox | =1.5.0.6 | |
| Mozilla Firefox | =1.5.0.7 | |
| Mozilla Firefox | =1.5.0.8 | |
| Mozilla Firefox | =1.5.0.9 | |
| Mozilla Firefox | =1.5.0.10 | |
| Mozilla Firefox | =1.5.0.11 | |
| Mozilla Firefox | =1.5.0.12 | |
| Mozilla Firefox | =1.5.1 | |
| Mozilla Firefox | =1.5.2 | |
| Mozilla Firefox | =1.5.3 | |
| Mozilla Firefox | =1.5.4 | |
| Mozilla Firefox | =1.5.5 | |
| Mozilla Firefox | =1.5.6 | |
| Mozilla Firefox | =1.5.7 | |
| Mozilla Firefox | =1.5.8 | |
| Mozilla Firefox | =1.8 | |
| Mozilla Firefox | =2.0 | |
| Mozilla Firefox | =2.0-beta_1 | |
| Mozilla Firefox | =2.0-beta1 | |
| Mozilla Firefox | =2.0-rc2 | |
| Mozilla Firefox | =2.0-rc3 | |
| Mozilla Firefox | =2.0.0.1 | |
| Mozilla Firefox | =2.0.0.2 | |
| Mozilla Firefox | =2.0.0.3 | |
| Mozilla Firefox | =2.0.0.4 | |
| Mozilla Firefox | =2.0.0.5 | |
| Mozilla Firefox | =2.0.0.6 | |
| Mozilla Firefox | =2.0.0.7 | |
| Mozilla Firefox | =2.0.0.8 | |
| Mozilla Firefox | =2.0.0.9 | |
| Mozilla Firefox | =2.0.0.10 | |
| Mozilla Firefox | =2.0.0.11 | |
| Mozilla Firefox | =2.0.0.12 | |
| Mozilla Firefox | =2.0.0.13 | |
| Mozilla Firefox | =2.0.0.14 | |
| Mozilla Firefox | =2.0.0.15 | |
| Mozilla Firefox | =2.0.0.16 | |
| Mozilla Firefox | =2.0.0.17 | |
| Mozilla Firefox | =2.0.0.18 | |
| Mozilla Firefox | =2.0.0.19 | |
| Mozilla Firefox | =2.0.0.20 | |
| Mozilla Firefox | =2.0.0.21 | |
| Mozilla Firefox | =2.0_.1 | |
| Mozilla Firefox | =2.0_.4 | |
| Mozilla Firefox | =2.0_.5 | |
| Mozilla Firefox | =2.0_.6 | |
| Mozilla Firefox | =2.0_.7 | |
| Mozilla Firefox | =2.0_.9 | |
| Mozilla Firefox | =2.0_.10 | |
| Mozilla Firefox | =2.0_8 | |
| Mozilla Firefox | =3.0 | |
| Mozilla Firefox | =3.0-alpha | |
| Mozilla Firefox | =3.0-beta2 | |
| Mozilla Firefox | =3.0-beta5 | |
| Mozilla Firefox | =3.0.1 | |
| Mozilla Firefox | =3.0.2 | |
| Mozilla Firefox | =3.0.3 | |
| Mozilla Firefox | =3.0.4 | |
| Mozilla Firefox | =3.0.5 | |
| Mozilla Firefox | =3.0.6 | |
| Mozilla Firefox | =3.0.7 | |
| Mozilla Firefox | =3.0.8 | |
| Mozilla Firefox | =3.0.9 | |
| Mozilla Firefox | =3.0.10 | |
| Mozilla Firefox | =3.0.11 | |
| Mozilla Firefox | =3.0.12 | |
| Mozilla Firefox | =3.0.13 | |
| Mozilla Firefox | =3.0.14 | |
| Mozilla Firefox | =3.5.1 | |
| Mozilla Firefox | =3.5.2 | |
| Mozilla Firefox | =3.5.3 | |
| Mozilla Firefox | =3.5.4 | |
| Mozilla Firefox | =3.5.5 | |
| Mozilla SeaMonkey | <=2.0 | |
| Mozilla SeaMonkey | =1.0 | |
| Mozilla SeaMonkey | =1.0-alpha | |
| Mozilla SeaMonkey | =1.0-beta | |
| Mozilla SeaMonkey | =1.0.1 | |
| Mozilla SeaMonkey | =1.0.2 | |
| Mozilla SeaMonkey | =1.0.3 | |
| Mozilla SeaMonkey | =1.0.4 | |
| Mozilla SeaMonkey | =1.0.5 | |
| Mozilla SeaMonkey | =1.0.6 | |
| Mozilla SeaMonkey | =1.0.7 | |
| Mozilla SeaMonkey | =1.0.8 | |
| Mozilla SeaMonkey | =1.0.9 | |
| Mozilla SeaMonkey | =1.0.99 | |
| Mozilla SeaMonkey | =1.1 | |
| Mozilla SeaMonkey | =1.1-alpha | |
| Mozilla SeaMonkey | =1.1-beta | |
| Mozilla SeaMonkey | =1.1.1 | |
| Mozilla SeaMonkey | =1.1.2 | |
| Mozilla SeaMonkey | =1.1.3 | |
| Mozilla SeaMonkey | =1.1.4 | |
| Mozilla SeaMonkey | =1.1.5 | |
| Mozilla SeaMonkey | =1.1.6 | |
| Mozilla SeaMonkey | =1.1.7 | |
| Mozilla SeaMonkey | =1.1.8 | |
| Mozilla SeaMonkey | =1.1.9 | |
| Mozilla SeaMonkey | =1.1.10 | |
| Mozilla SeaMonkey | =1.1.11 | |
| Mozilla SeaMonkey | =1.1.12 | |
| Mozilla SeaMonkey | =1.1.13 | |
| Mozilla SeaMonkey | =1.1.14 | |
| Mozilla SeaMonkey | =1.1.15 | |
| Mozilla SeaMonkey | =1.1.16 | |
| Mozilla SeaMonkey | =1.1.17 | |
| Mozilla SeaMonkey | =1.5.0.8 | |
| Mozilla SeaMonkey | =1.5.0.9 | |
| Mozilla SeaMonkey | =1.5.0.10 | |
| Mozilla SeaMonkey | =2.0 | |
| Mozilla SeaMonkey | =2.0-alpha_1 | |
| Mozilla SeaMonkey | =2.0-alpha_2 | |
| Mozilla SeaMonkey | =2.0-alpha_3 | |
| Mozilla SeaMonkey | =2.0-beta_1 | |
| Mozilla SeaMonkey | =2.0-beta_2 | |
| Mozilla SeaMonkey | =2.0-rc1 | |
| Mozilla SeaMonkey | =2.0a1 | |
| Mozilla SeaMonkey | =2.0a1pre |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://rhn.redhat.com/errata/RHSA-2009-1674.html
- https://bugzilla.redhat.com/show_bug.cgi?id=546726
- http://secunia.com/advisories/37699
- http://www.securityfocus.com/bid/37370
- http://securitytracker.com/id?1023343
- http://secunia.com/advisories/37785
- http://www.vupen.com/english/advisories/2009/3547
- http://www.mozilla.org/security/announce/2009/mfsa2009-69.html
- http://secunia.com/advisories/37704
- http://securitytracker.com/id?1023342
- https://bugzilla.mozilla.org/show_bug.cgi?id=514232
- http://www.securityfocus.com/bid/37349
- http://www.ubuntu.com/usn/USN-874-1
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html
- http://www.debian.org/security/2009/dsa-1956
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html
- http://www.ubuntu.com/usn/USN-873-1
- http://www.novell.com/linux/security/advisories/2009_63_firefox.html
- http://secunia.com/advisories/37813
- http://secunia.com/advisories/37856
- http://secunia.com/advisories/37881
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54808
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9911
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8480
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-3985
- agent/tags
- agent/trending
- vendor/mozilla
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.1.10
- canonical/mozilla firefox
- version/mozilla firefox/0.1
- version/mozilla seamonkey/1.0.3
- version/mozilla firefox/0.8
- version/mozilla firefox/2.0.0.12
- version/mozilla firefox/1.5-beta2
- version/mozilla firefox/2.0_.7
- version/mozilla firefox/3.5.3
- version/mozilla seamonkey/1.1.8
- version/mozilla firefox/3.0.7
- version/mozilla firefox/1.5.2
- version/mozilla seamonkey/1.0.1
- version/mozilla seamonkey/1.1.7
- version/mozilla seamonkey/1.5.0.10
- version/mozilla firefox/3.0.9
- version/mozilla seamonkey/1.0.6
- version/mozilla firefox/1.5.0.6
- version/mozilla firefox/1.8
- version/mozilla seamonkey/1.0.9
- version/mozilla seamonkey/1.1.3
- version/mozilla firefox/2.0.0.2
- version/mozilla firefox/1.5.0.10
- version/mozilla firefox/1.5.0.3
- version/mozilla seamonkey/2.0a1pre
- version/mozilla seamonkey/1.0
- version/mozilla firefox/3.0.8
- version/mozilla seamonkey/1.1.17
- version/mozilla firefox/1.5.0.11
- version/mozilla firefox/1.4.1
- version/mozilla seamonkey/1.0.99
- version/mozilla firefox/1.5.4
- version/mozilla seamonkey/2.0-alpha_2
- version/mozilla seamonkey/1.1.5
- version/mozilla seamonkey/1.0.7
- version/mozilla firefox/1.0.2
- version/mozilla seamonkey/1.0-beta
- version/mozilla firefox/3.5.5
- version/mozilla firefox/3.0.4
- version/mozilla firefox/1.5-beta1
- version/mozilla seamonkey/1.1-alpha
- version/mozilla firefox/2.0_8
- version/mozilla seamonkey/2.0-alpha_3
- version/mozilla firefox/3.5.4
- version/mozilla firefox/2.0_.9
- version/mozilla firefox/3.0.5
- version/mozilla seamonkey/1.0-alpha
- version/mozilla firefox/3.0.15
- version/mozilla seamonkey/2.0a1
- version/mozilla firefox/1.5
- version/mozilla firefox/0.9.1
- version/mozilla firefox/1.0.4
- version/mozilla firefox/2.0.0.7
- version/mozilla firefox/1.0.7
- version/mozilla seamonkey/1.1.12
- version/mozilla firefox/3.5.1
- version/mozilla seamonkey/1.1
- version/mozilla firefox/2.0.0.9
- version/mozilla firefox/0.10.1
- version/mozilla firefox/2.0_.1
- version/mozilla firefox/3.0.14
- version/mozilla firefox/3.5.2
- version/mozilla firefox/0.9
- version/mozilla firefox/2.0.0.16
- version/mozilla seamonkey/1.1.14
- version/mozilla firefox/3.0-beta2
- version/mozilla firefox/1.5.6
- version/mozilla firefox/2.0.0.17
- version/mozilla firefox/0.7
- version/mozilla seamonkey/1.1.2
- version/mozilla firefox/2.0.0.15
- version/mozilla seamonkey/2.0-beta_2
- version/mozilla firefox/3.0.10
- version/mozilla firefox/0.2
- version/mozilla seamonkey/1.0.2
- version/mozilla seamonkey/1.0.8
- version/mozilla firefox/0.3
- version/mozilla seamonkey/1.1.11
- version/mozilla seamonkey/2.0-alpha_1
- version/mozilla firefox/2.0_.10
- version/mozilla firefox/3.0.12
- version/mozilla firefox/1.0
- version/mozilla seamonkey/1.5.0.9
- version/mozilla firefox/3.0.3
- version/mozilla seamonkey/1.1-beta
- version/mozilla seamonkey/1.1.1
- version/mozilla firefox/1.5.0.7
- version/mozilla firefox/2.0
- version/mozilla firefox/1.0.1
- version/mozilla seamonkey/1.5.0.8
- version/mozilla firefox/2.0-beta1
- version/mozilla firefox/2.0.0.14
- version/mozilla firefox/0.6
- version/mozilla seamonkey/1.0.5
- version/mozilla firefox/0.7.1
- version/mozilla seamonkey/1.1.15
- version/mozilla firefox/3.0.6
- version/mozilla firefox/1.5.0.8
- version/mozilla firefox/2.0_.5
- version/mozilla firefox/2.0.0.3
- version/mozilla firefox/1.5.0.9
- version/mozilla firefox/1.5.0.5
- version/mozilla firefox/1.5.7
- version/mozilla firefox/1.5.0.12
- version/mozilla firefox/2.0.0.6
- version/mozilla seamonkey/1.1.6
- version/mozilla firefox/3.0
- version/mozilla firefox/2.0.0.11
- version/mozilla firefox/1.5.0.2
- version/mozilla seamonkey/1.1.16
- version/mozilla firefox/1.0.3
- version/mozilla firefox/3.0.1
- version/mozilla firefox/2.0.0.4
- version/mozilla firefox/0.5
- version/mozilla firefox/0.6.1
- version/mozilla firefox/1.5.1
- version/mozilla seamonkey/2.0-beta_1
- version/mozilla firefox/2.0.0.21
- version/mozilla firefox/0.9.3
- version/mozilla firefox/2.0.0.13
- version/mozilla firefox/2.0.0.18
- version/mozilla firefox/2.0-rc2
- version/mozilla firefox/2.0.0.1
- version/mozilla firefox/3.0.2
- version/mozilla firefox/2.0_.6
- version/mozilla firefox/2.0_.4
- version/mozilla seamonkey/2.0-rc1
- version/mozilla seamonkey/1.0.4
- version/mozilla firefox/1.5.5
- version/mozilla firefox/0.9.2
- version/mozilla firefox/1.0-preview_release
- version/mozilla seamonkey/2.0
- version/mozilla firefox/2.0-beta_1
- version/mozilla seamonkey/1.1.9
- version/mozilla seamonkey/1.1.13
- version/mozilla firefox/2.0.0.20
- version/mozilla firefox/2.0.0.8
- version/mozilla firefox/3.0-beta5
- version/mozilla firefox/0.9-rc
- version/mozilla firefox/2.0.0.19
- version/mozilla firefox/1.5.8
- version/mozilla firefox/1.5.3
- version/mozilla firefox/0.4
- version/mozilla firefox/1.5.0.4
- version/mozilla firefox/1.5.0.1
- version/mozilla firefox/3.0.13
- version/mozilla firefox/0.10
- version/mozilla firefox/1.0.5
- version/mozilla firefox/2.0.0.5
- version/mozilla firefox/2.0.0.10
- version/mozilla firefox/2.0-rc3
- version/mozilla firefox/3.0-alpha
- version/mozilla firefox/1.0.6
- version/mozilla seamonkey/1.1.4
- version/mozilla firefox/1.0.8
- version/mozilla firefox/3.0.11