Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-8sxb-49bw-g3fn
Vulnerability ID VCID-8sxb-49bw-g3fn
Aliases CVE-2009-3984
Summary Security researcher Jonathan Morgan reported that when a page loaded over an insecure protocol, such as http: or file:, sets its document.location to a https: URL which responds with a 204 status and empty response body, the insecure page will receive SSL indicators near the location bar, but will not have its page content modified in any way. This could lead to a user believing they were on a secure page when in fact they were not.Security researcher Jordi Chancel reported an issue similar to one fixed in mfsa2009-44 in which a web page can set document.location to a URL that can't be displayed properly and then inject content into the resulting blank page. An attacker could use this vulnerability to place a legitimate-looking but invalid URL in the location bar and inject HTML and JavaScript into the body of the page, resulting in a spoofing attack.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.0205 https://api.first.org/data/v1/epss?cve=CVE-2009-3984
generic_textual none https://www.mozilla.org/en-US/security/advisories/mfsa2009-69
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3984.json
https://api.first.org/data/v1/epss?cve=CVE-2009-3984
546722 https://bugzilla.redhat.com/show_bug.cgi?id=546722
CVE-2009-3984 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3984
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
mfsa2009-69 https://www.mozilla.org/en-US/security/advisories/mfsa2009-69
RHSA-2009:1673 https://access.redhat.com/errata/RHSA-2009:1673
RHSA-2009:1674 https://access.redhat.com/errata/RHSA-2009:1674
USN-873-1 https://usn.ubuntu.com/873-1/
USN-874-1 https://usn.ubuntu.com/874-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.84152
EPSS Score 0.0205
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T08:27:40.847861+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2009/mfsa2009-69.md 38.6.0