Back to search
CVE-2009-3987
Published: Dec 17, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
37699
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.mozilla.org/show_bug.cgi?id=503451
x_refsource_CONFIRM
ADV-2009-3547
vdb-entry
x_refsource_VUPEN
37785
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:7958
vdb-entry
signature
x_refsource_OVAL
https://bugzilla.redhat.com/show_bug.cgi?id=546729
x_refsource_CONFIRM
37349
vdb-entry
x_refsource_BID
firefox-geckoactivexobject-info-disclosure(54798)
vdb-entry
x_refsource_XF
1023347
vdb-entry
x_refsource_SECTRACK
37360
vdb-entry
x_refsource_BID
1023346
vdb-entry
x_refsource_SECTRACK
http://www.mozilla.org/security/announce/2009/mfsa2009-71.html
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now