Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Mozilla
  • Firefox
  • Seamonkey
Redhat
  • Enterprise Linux

Configuration 1 [-]

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.21:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.99:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0a1:*:pre:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0a1pre:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 4
firefox-0:3.0.16-4.el4 cpe:/o:redhat:enterprise_linux:4 RHSA-2009:1674 2009-12-16T00:00:00Z
Red Hat Enterprise Linux 5
firefox-0:3.0.16-1.el5_4 cpe:/o:redhat:enterprise_linux:5 RHSA-2009:1674 2009-12-16T00:00:00Z
xulrunner-0:1.9.0.16-2.el5_4 cpe:/o:redhat:enterprise_linux:5 RHSA-2009:1674 2009-12-16T00:00:00Z
References
Link Providers
http://secunia.com/advisories/37699 cve-icon cve-icon
http://secunia.com/advisories/37704 cve-icon cve-icon
http://secunia.com/advisories/37785 cve-icon cve-icon
http://secunia.com/advisories/37813 cve-icon cve-icon
http://secunia.com/advisories/37856 cve-icon cve-icon
http://secunia.com/advisories/37881 cve-icon cve-icon
http://securitytracker.com/id?1023344 cve-icon cve-icon
http://securitytracker.com/id?1023345 cve-icon cve-icon
http://www.debian.org/security/2009/dsa-1956 cve-icon cve-icon
http://www.mozilla.org/security/announce/2009/mfsa2009-70.html cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2009_63_firefox.html cve-icon cve-icon
http://www.securityfocus.com/bid/37349 cve-icon cve-icon
http://www.securityfocus.com/bid/37365 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-873-1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-874-1 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/3547 cve-icon cve-icon
https://bugzilla.mozilla.org/show_bug.cgi?id=522430 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=546724 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/54803 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2009-3986 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11568 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8489 cve-icon cve-icon
https://rhn.redhat.com/errata/RHSA-2009-1674.html cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2009-3986 cve-icon
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-12-17T17:00:00

Updated: 2024-08-07T06:45:50.896Z

Reserved: 2009-11-19T00:00:00

Link: CVE-2009-3986

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2009-12-17T17:30:00.563

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-3986

cve-icon Redhat

Severity : Moderate

Publid Date: 2009-12-15T00:00:00Z

Links: CVE-2009-3986 - Bugzilla