The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:08
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/37699 - Vendor Advisory | |
References | () http://secunia.com/advisories/37785 - Vendor Advisory | |
References | () http://securitytracker.com/id?1023346 - Patch | |
References | () http://securitytracker.com/id?1023347 - Patch | |
References | () http://www.mozilla.org/security/announce/2009/mfsa2009-71.html - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/37349 - | |
References | () http://www.securityfocus.com/bid/37360 - | |
References | () http://www.vupen.com/english/advisories/2009/3547 - Patch, Vendor Advisory | |
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=503451 - | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=546729 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/54798 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7958 - |
Information
Published : 2009-12-17 17:30
Updated : 2024-11-21 01:08
NVD link : CVE-2009-3987
Mitre link : CVE-2009-3987
CVE.ORG link : CVE-2009-3987
JSON object : View
Products Affected
mozilla
- firefox
- seamonkey
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor