CVE-2009-3983 — Mozilla Firefox vulnerability

11 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

0.7%

top 28.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedDec 17

Latest updateMay 2

Description

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDmozilla/firefox3.0.15+98

▶NVDmozilla/seamonkey2.0+35

Patches

Patch: www.mozilla.org ↗Patch: www.vupen.com ↗Patch: www.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-c965-xrgf-38h8: Mozilla Firefox before 3↗2022-05-02

▶

CVEList

CVE-2009-3983: Mozilla Firefox before 3↗2009-12-17

▶

💥Exploits & PoCs

Exploit-DB

Oracle 10g - SYS.LT.MERGEWORKSPACE SQL Injection↗2009-01-06

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2010-03-18

▶

Ubuntu

Firefox 3.5 and Xulrunner 1.9.1 regression↗2010-01-08

▶

Ubuntu

Firefox 3.0 and Xulrunner 1.9 regression↗2010-01-08

▶

Ubuntu

Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities↗2009-12-18

▶

Ubuntu

Firefox 3.0 and Xulrunner 1.9 vulnerabilities↗2009-12-18

▶

💬Community

Bugzilla

CVE-2009-3983 Mozilla NTLM reflection vulnerability↗2009-12-11

▶