CVE-2009-3987

Sažetak

The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects.

Reference

http://secunia.com/advisories/37699
http://secunia.com/advisories/37785
http://securitytracker.com/id?1023346
http://securitytracker.com/id?1023347
http://www.mozilla.org/security/announce/2009/mfsa2009-71.html
http://www.securityfocus.com/bid/37349
http://www.securityfocus.com/bid/37360
http://www.vupen.com/english/advisories/2009/3547
https://bugzilla.mozilla.org/show_bug.cgi?id=503451
https://bugzilla.redhat.com/show_bug.cgi?id=546729
https://exchange.xforce.ibmcloud.com/vulnerabilities/54798
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7958

CVSS

Base:	7.8
Impact:	6.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Zadnje važnije ažuriranje

19-09-2017 - 01:29

Objavljeno

17-12-2009 - 17:30