Lucene search

MitreCVE-2009-3374

HistoryOct 29, 2009 - 2:30 p.m.

CVE-2009-3374

2009-10-2914:30:00

CWE-264

mitre

web.nvd.nist.gov

cve-2009-3374

xpcom

mozilla firefox

remote attackers

arbitrary javascript

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

High

EPSS

0.012

Percentile

85.5%

JSON

The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to “doubly-wrapped objects.”

Affected configurations

Nvd

Node

mozillafirefoxMatch3.0beta5

mozillafirefoxMatch3.0.1

mozillafirefoxMatch3.0.2

mozillafirefoxMatch3.0.3

mozillafirefoxMatch3.0.4

mozillafirefoxMatch3.0.5

mozillafirefoxMatch3.0.6

mozillafirefoxMatch3.0.7

mozillafirefoxMatch3.0.8

mozillafirefoxMatch3.0.9

mozillafirefoxMatch3.0.10

mozillafirefoxMatch3.0.11

mozillafirefoxMatch3.0.12

mozillafirefoxMatch3.0.13

mozillafirefoxMatch3.5.1

mozillafirefoxMatch3.5.2

mozillafirefoxMatch3.5.3

VendorProductVersionCPE
mozillafirefox3.0cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*
mozillafirefox3.0.1cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
mozillafirefox3.0.2cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
mozillafirefox3.0.3cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
mozillafirefox3.0.4cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
mozillafirefox3.0.5cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
mozillafirefox3.0.6cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*
mozillafirefox3.0.7cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*
mozillafirefox3.0.8cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*
mozillafirefox3.0.9cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	3.0	cpe:2.3:a:mozilla:firefox:3.0:beta5::::::
mozilla	firefox	3.0.1	cpe:2.3:a:mozilla:firefox:3.0.1:::::::*
mozilla	firefox	3.0.2	cpe:2.3:a:mozilla:firefox:3.0.2:::::::*
mozilla	firefox	3.0.3	cpe:2.3:a:mozilla:firefox:3.0.3:::::::*
mozilla	firefox	3.0.4	cpe:2.3:a:mozilla:firefox:3.0.4:::::::*
mozilla	firefox	3.0.5	cpe:2.3:a:mozilla:firefox:3.0.5:::::::*
mozilla	firefox	3.0.6	cpe:2.3:a:mozilla:firefox:3.0.6:::::::*
mozilla	firefox	3.0.7	cpe:2.3:a:mozilla:firefox:3.0.7:::::::*
mozilla	firefox	3.0.8	cpe:2.3:a:mozilla:firefox:3.0.8:::::::*
mozilla	firefox	3.0.9	cpe:2.3:a:mozilla:firefox:3.0.9:::::::*