Lucene search
Mozilla FoundationMFSA2009-61HistoryOct 27, 2009 - 12:00 a.m.
Cross-origin data theft through document.getSelection() β Mozilla
2009-10-2700:00:00
Mozilla Foundation
www.mozilla.org
10
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
78.0%
Security researcher Gregory Fleischer reported that text within a selection on a web page can be read by JavaScript in a different domain using the document.getSelection function, violating the same-origin policy. Since this vulnerability requires user interaction to exploit, its severity was determined to be moderate.
Affected configurations
Node
mozillafirefoxRange<3.0.15
ORmozillafirefoxRange<3.5.4
Related
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2009-61
2009-10-28 00:00:00
Mozilla Firefox / Seamonkey multiple security vulnerabilities
2009-11-05 00:00:00
cvelist
cvelist
CVE-2009-3375
2009-10-29 14:00:00
ubuntucve
ubuntucve
CVE-2009-3375
2009-10-29 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:36:53
cve
cve
CVE-2009-3375
2009-10-29 14:30:00
seebug
seebug
Firefox document.getSelectθ·¨εδΏ‘ζ―ζ³ι²ζΌζ΄
2009-11-03 00:00:00
prion
prion
Design/Logic Flaw
2009-10-29 14:30:00
nvd
nvd
CVE-2009-3375
2009-10-29 14:30:00
openvas
openvas
CentOS Security Advisory CESA-2009:1531 (seamonkey)
2009-11-11 00:00:00
CentOS Security Advisory CESA-2009:1531 (seamonkey)
2009-11-11 00:00:00
CentOS Update for seamonkey CESA-2009:1531 centos4 i386
2011-08-09 00:00:00
nessus
nessus
Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
2012-08-01 00:00:00
Debian DSA-1922-1 : xulrunner - several vulnerabilities
2010-02-24 00:00:00
oraclelinux
oraclelinux
seamonkey security update
2009-10-28 00:00:00
firefox security update
2009-10-28 00:00:00
centos
centos
seamonkey security update
2009-10-28 13:15:48
firefox, nspr security update
2009-10-28 13:44:04
redhat
redhat
(RHSA-2009:1531) Critical: seamonkey security update
2009-10-27 00:00:00
(RHSA-2009:1530) Critical: firefox security update
2009-10-27 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: chmsee-1.0.1-12.fc11
2009-10-29 02:59:35
[SECURITY] Fedora 11 Update: galeon-2.0.7-17.fc11
2009-10-29 02:59:35
[SECURITY] Fedora 11 Update: blam-1.8.5-15.fc11
2009-10-29 02:59:35
debian
debian
[SECURITY] [DSA 1922-1] New xulrunner packages fix several vulnerabilities
2009-10-28 21:13:30
osv
osv
xulrunner - several vulnerabilities
2009-10-28 00:00:00
vmware
vmware
ESX Service Console and vMA updates for nss and nspr
2010-03-03 00:00:00
ESX Service Console and vMA updates for nss and nspr
2010-03-03 00:00:00
ubuntu
ubuntu
Firefox and Xulrunner vulnerabilities
2009-10-31 00:00:00
Firefox and Xulrunner regression
2009-11-11 00:00:00
suse
suse
remote code execution in MozillaFirefox
2009-11-04 14:24:35
freebsd
freebsd
mozilla -- multiple vulnerabilities
2009-10-27 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
78.0%
Related for MFSA2009-61