Mozilla · Firefox · CVE-2009-3986
**Name of the Vulnerable Software and Affected Versions**
Mozilla Firefox versions prior to 3.0.16
Mozilla Firefox versions 3.5.x prior to 3.5.6
SeaMonkey versions prior to 2.0.1
**Description**
The issue allows remote attackers to execute arbitrary JavaScript with chrome privileges. This is achieved by leveraging a reference to a chrome window from a content window, related to the `window.opener` property.
**Recommendations**
For Mozilla Firefox versions prior to 3.0.16, update to version 3.0.16 or later.
For Mozilla Firefox versions 3.5.x prior to 3.5.6, update to version 3.5.6 or later.
For SeaMonkey versions prior to 2.0.1, update to version 2.0.1 or later.