Back to search
CVE-2009-3374
Published: Oct 29, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
oval:org.mitre.oval:def:9789
vdb-entry
signature
x_refsource_OVAL
272909
vendor-advisory
x_refsource_SUNALERT
https://bugzilla.mozilla.org/show_bug.cgi?id=505988
x_refsource_CONFIRM
http://www.mozilla.org/security/announce/2009/mfsa2009-57.html
x_refsource_CONFIRM
oval:org.mitre.oval:def:6565
vdb-entry
signature
x_refsource_OVAL
ADV-2009-3334
vdb-entry
x_refsource_VUPEN
MDVSA-2009:294
vendor-advisory
x_refsource_MANDRIVA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now