Back to search
CVE-2009-2665
Published: Aug 4, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted web page, related to an incorrect security wrapper.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2009-2142
vdb-entry
x_refsource_VUPEN
http://www.mozilla.org/security/announce/2009/mfsa2009-46.html
x_refsource_CONFIRM
266148
vendor-advisory
x_refsource_SUNALERT
https://bugzilla.mozilla.org/show_bug.cgi?id=498897
x_refsource_CONFIRM
FEDORA-2009-8288
vendor-advisory
x_refsource_FEDORA
36126
third-party-advisory
x_refsource_SECUNIA
FEDORA-2009-8279
vendor-advisory
x_refsource_FEDORA
35928
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now