Home > Vulnerability Database > CVE-2009-3985

WhiteSource Vulnerability Database

CVE-2009-3985

Good to know:

Date: December 17, 2009

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.

Severity Score

5.6

Related Resources (5)

Url: http://secunia.com/advisories/37704

Url: http://www.novell.com/linux/security/advisories/2009_63_firefox.html

Url: http://secunia.com/advisories/37881

Url: http://www.debian.org/security/2009/dsa-1956

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-3985

Severity Score

5.6

Top Fix

Upgrade Version

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

WhiteSource Vulnerability Database

We found results for “”

CVE-2009-3985

Good to know:

Date: December 17, 2009

Severity Score

Related Resources (5)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?