CVE-2009-3985

Medium

Description

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allow remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL and then writing arbitrary web script or HTML to the associated blank document. This issue is related to CVE-2009-2654.

References

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html

https://rhn.redhat.com/errata/RHSA-2009-1674.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9911

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8480

https://exchange.xforce.ibmcloud.com/vulnerabilities/54808

https://bugzilla.redhat.com/show_bug.cgi?id=546726

https://bugzilla.mozilla.org/show_bug.cgi?id=514232

http://www.vupen.com/english/advisories/2009/3547

http://www.ubuntu.com/usn/USN-874-1

http://www.ubuntu.com/usn/USN-873-1

http://www.securityfocus.com/bid/37370

http://www.securityfocus.com/bid/37349

http://www.novell.com/linux/security/advisories/2009_63_firefox.html

http://www.mozilla.org/security/announce/2009/mfsa2009-69.html

http://www.debian.org/security/2009/dsa-1956

http://securitytracker.com/id?1023343

http://securitytracker.com/id?1023342

http://secunia.com/advisories/37881

http://secunia.com/advisories/37856

http://secunia.com/advisories/37813

http://secunia.com/advisories/37785

http://secunia.com/advisories/37704

http://secunia.com/advisories/37699

Details

Source: Mitre, NVD

Published: 2009-12-17

Updated: 2017-09-19

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Severity: Medium