Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3985 — Mozilla Firefox vulnerability

10 documents7 sources

Severity

6.8MEDIUMNVD

CNA5.8

EPSS

0.5%

top 35.79%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedDec 17

Latest updateMay 2

Description

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDmozilla/firefox3.0.15+98

▶NVDmozilla/seamonkey2.0+35

Patches

Patch: securitytracker.com ↗Patch: www.vupen.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-gfvv-6f6j-f63q: Mozilla Firefox before 3↗2022-05-02

▶

CVEList

CVE-2009-3985: Mozilla Firefox before 3↗2009-12-17

▶

💥Exploits & PoCs

Exploit-DB

Mozilla Firefox - Location Bar Spoofing↗2009-12-18

▶

📋Vendor Advisories

Ubuntu

Firefox 3.5 and Xulrunner 1.9.1 regression↗2010-01-08

▶

Ubuntu

Firefox 3.0 and Xulrunner 1.9 regression↗2010-01-08

▶

Ubuntu

Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities↗2009-12-18

▶

Ubuntu

Firefox 3.0 and Xulrunner 1.9 vulnerabilities↗2009-12-18

▶

Red Hat

Mozilla URL spoofing via invalid document.location↗2009-12-15

▶

💬Community

Bugzilla

CVE-2009-3985 Mozilla URL spoofing via invalid document.location↗2009-12-11

▶