CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
95.2%
Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and
David James discovered several flaws in the browser and JavaScript engines
of Firefox. If a user were tricked into viewing a malicious website, a
remote attacker could cause a denial of service or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)
Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox.
If an NTLM authenticated user visited a malicious website, a remote
attacker could send requests to other applications, authenticated as the
user. (CVE-2009-3983)
Jonathan Morgan discovered that Firefox did not properly display SSL
indicators under certain circumstances. This could be used by an attacker
to spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984)
Jordi Chancel discovered that Firefox did not properly display invalid URLs
for a blank page. If a user were tricked into accessing a malicious
website, an attacker could exploit this to spoof the location bar, such as
in a phishing attack. (CVE-2009-3985)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.04 | noarch | firefox-3.0 | < 3.0.16+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | abrowser | < 3.0-branding-3.0.16+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | firefox | < 3.0-3.0.16+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | firefox | < 3.0-branding-3.0.16+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | firefox | < 3.0-dev-3.0.16+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | firefox | < 3.0-gnome-support-3.0.16+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | abrowser | < 3.0.16+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | xulrunner-1.9 | < 1.9.0.16+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | xulrunner-1.9 | < dev-1.9.0.16+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | xulrunner-1.9 | < gnome-support-1.9.0.16+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |