CVE-2009-3983

critical

Description

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.

References

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html

https://rhn.redhat.com/errata/RHSA-2009-1674.html

https://rhn.redhat.com/errata/RHSA-2009-1673.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8240

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10047

https://exchange.xforce.ibmcloud.com/vulnerabilities/54807

https://bugzilla.redhat.com/show_bug.cgi?id=546720

https://bugzilla.mozilla.org/show_bug.cgi?id=487872

http://www.vupen.com/english/advisories/2010/0648

http://www.vupen.com/english/advisories/2009/3547

http://www.ubuntu.com/usn/USN-915-1

http://www.ubuntu.com/usn/USN-874-1

http://www.ubuntu.com/usn/USN-873-1

http://www.securityfocus.com/bid/37366

http://www.securityfocus.com/bid/37349

http://www.novell.com/linux/security/advisories/2009_63_firefox.html

http://www.mozilla.org/security/announce/2009/mfsa2009-68.html

http://www.debian.org/security/2009/dsa-1956

http://securitytracker.com/id?1023341

http://securitytracker.com/id?1023340

http://secunia.com/advisories/39001

http://secunia.com/advisories/38977

http://secunia.com/advisories/37881

http://secunia.com/advisories/37856

http://secunia.com/advisories/37813

http://secunia.com/advisories/37785

http://secunia.com/advisories/37704

http://secunia.com/advisories/37703

http://secunia.com/advisories/37699

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

Details

Source: Mitre, NVD

Published: 2009-12-17

Updated: 2017-09-19

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical