CVE-2009-3986 — Code Injection in Mozilla Firefox

CWE-94 — Code Injection10 documents6 sources

Severity

7.6HIGHNVD

EPSS

2.0%

top 16.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedDec 17

Latest updateMay 2

Description

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages2 packages

▶NVDmozilla/firefox3.0.15+98

▶NVDmozilla/seamonkey2.0+35

Patches

Patch: securitytracker.com ↗Patch: securitytracker.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-hm3p-p79c-ph3c: Mozilla Firefox before 3↗2022-05-02

▶

CVEList

CVE-2009-3986: Mozilla Firefox before 3↗2009-12-17

▶

📋Vendor Advisories

Ubuntu

Firefox 3.5 and Xulrunner 1.9.1 regression↗2010-01-08

▶

Ubuntu

Firefox 3.0 and Xulrunner 1.9 regression↗2010-01-08

▶

Ubuntu

Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities↗2009-12-18

▶

Ubuntu

Firefox 3.0 and Xulrunner 1.9 vulnerabilities↗2009-12-18

▶

Red Hat

Mozilla Chrome privilege escalation via window.opener↗2009-12-15

▶

💬Community

Bugzilla

CVE-2009-3986 Mozilla Chrome privilege escalation via window.opener↗2009-12-11

▶

Bugzilla

CVE-2009-3241 Wireshark: DoS (excessive CPU use) in OPCUA dissector↗2009-09-17

▶