Vulnerability Description
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 3.0.15 |
| Mozilla | Seamonkey | <= 2.0 |
| Mozilla | Thunderbird | All versions |
References
- http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
- http://secunia.com/advisories/37699Vendor Advisory
- http://secunia.com/advisories/37703Vendor Advisory
- http://secunia.com/advisories/37704Vendor Advisory
- http://secunia.com/advisories/37785Vendor Advisory
- http://secunia.com/advisories/37813
- http://secunia.com/advisories/37856
- http://secunia.com/advisories/37881
- http://secunia.com/advisories/38977
- http://secunia.com/advisories/39001
- http://securitytracker.com/id?1023340
- http://securitytracker.com/id?1023341
- http://www.debian.org/security/2009/dsa-1956
- http://www.mozilla.org/security/announce/2009/mfsa2009-68.htmlPatchVendor Advisory
- http://www.novell.com/linux/security/advisories/2009_63_firefox.html
FAQ
What is CVE-2009-3983?
CVE-2009-3983 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of ...
How severe is CVE-2009-3983?
CVE-2009-3983 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3983?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird.