CVE-2009-3985 Information

Description

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL and then writing arbitrary web script or HTML to the associated blank document a related issue to CVE-2009-2654.

Reference

http://secunia.com/advisories/37699 http://secunia.com/advisories/37704 http://secunia.com/advisories/37785 http://secunia.com/advisories/37813 http://secunia.com/advisories/37856 http://secunia.com/advisories/37881 http://securitytracker.com/id?1023342 http://securitytracker.com/id?1023343 http://www.debian.org/security/2009/dsa-1956 http://www.mozilla.org/security/announce/2009/mfsa2009-69.html http://www.novell.com/linux/security/advisories/2009_63_firefox.html http://www.securityfocus.com/bid/37349 http://www.securityfocus.com/bid/37370 http://www.ubuntu.com/usn/USN-873-1 http://www.ubuntu.com/usn/USN-874-1 http://www.vupen.com/english/advisories/2009/3547 https://bugzilla.mozilla.org/show_bug.cgi?id=514232 https://bugzilla.redhat.com/show_bug.cgi?id=546726 https://exchange.xforce.ibmcloud.com/vulnerabilities/54808 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A8480 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9911 https://rhn.redhat.com/errata/RHSA-2009-1674.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html