CVE-2009-3984 — Mozilla Firefox vulnerability

10 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

2.1%

top 16.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedDec 17

Latest updateMay 2

Description

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDmozilla/firefox3.0.15+98

▶NVDmozilla/seamonkey2.0+35

Patches

Patch: www.mozilla.org ↗Patch: www.vupen.com ↗Patch: www.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-48cw-4934-3rhw: Mozilla Firefox before 3↗2022-05-02

▶

CVEList

CVE-2009-3984: Mozilla Firefox before 3↗2009-12-17

▶

💥Exploits & PoCs

Exploit-DB

Oracle 10g - SYS.LT.REMOVEWORKSPACE SQL Injection↗2009-01-06

▶

📋Vendor Advisories

Ubuntu

Firefox 3.5 and Xulrunner 1.9.1 regression↗2010-01-08

▶

Ubuntu

Firefox 3.0 and Xulrunner 1.9 regression↗2010-01-08

▶

Ubuntu

Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities↗2009-12-18

▶

Ubuntu

Firefox 3.0 and Xulrunner 1.9 vulnerabilities↗2009-12-18

▶

Red Hat

Mozilla SSL spoofing with document.location and empty SSL response page↗2009-12-15

▶

💬Community

Bugzilla

CVE-2009-3984 Mozilla SSL spoofing with document.location and empty SSL response page↗2009-12-11

▶