Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-3985

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
CONFIRM: https://bugzilla.mozil...
CONFIRM: https://bugzilla.redha...
DEBIAN: DSA-1956
FEDORA: FEDORA-2009-13333
FEDORA: FEDORA-2009-13362
FEDORA: FEDORA-2009-13366
REDHAT: RHSA-2009:1674
UBUNTU: USN-873-1
UBUNTU: USN-874-1
BID: 37349
BID: 37370
SECTRACK: 1023342
SECTRACK: 1023343
SECUNIA: 37699
SECUNIA: 37704
SECUNIA: 37785
VUPEN: ADV-2009-3547
SUSE: SUSE-SA:2009:063
SECUNIA: 37813
SECUNIA: 37856
SECUNIA: 37881
XF: firefox-documentlocati...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...

Launchpad.net

CVE 2009-3985

Related bugs

References