CVE-2009-3987
8.8 High
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
0.006 Low
EPSS
Percentile
77.5%
The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects.
References
secunia.com/advisories/37699
secunia.com/advisories/37785
securitytracker.com/id?1023346
securitytracker.com/id?1023347
www.mozilla.org/security/announce/2009/mfsa2009-71.html
www.securityfocus.com/bid/37349
www.securityfocus.com/bid/37360
www.vupen.com/english/advisories/2009/3547
bugzilla.mozilla.org/show_bug.cgi?id=503451
bugzilla.redhat.com/show_bug.cgi?id=546729
exchange.xforce.ibmcloud.com/vulnerabilities/54798
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7958
Related
8.8 High
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
0.006 Low
EPSS
Percentile
77.5%