EUVD-2009-3958

Malware in sbrugna...

SUSE CVE-2009-3987

The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive...

Mandriva Linux Security Advisory : firefox (MDVSA-2009:338)

Security issues were identified and fixed in firefox 3.5.x : liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service application crash or execute arbitrary code via unspecified vectors, related to memory safe...

Firefox GeckoActiveXObject异常消息COM对象枚举漏洞

BUGTRAQ ID: 37360 CVECAN ID: CVE-2009-3987 Firefox是一款流行的开源WEB浏览器。 Mozilla的GeckoActiveXObject所生成的异常消息会根据系统注册表中是否存在所请求COM对象的ProgID而不同，恶意站点可以根据这个差异枚举出用户系统上所安装的COM对象列表，并创建配置文件跨浏览会话追踪用户。 Mozilla Firefox 3.5.x Mozilla Firefox 3.0.x Mozilla SeaMonkey 2.0 厂商补丁： Mozilla -------...

CVE-2009-3987

The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive...

CVE-2009-3987

The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive...

CVE-2009-3987

CVE-2009-3987 affects Mozilla Firefox (before 3.0.16 and 3.5.x before 3.5.6) and SeaMonkey (before 2.0.1); the GeckoActiveXObject function returns different exception messages based on whether a ProgID is listed in the registry, enabling remote attackers to infer installed software via multiple c...

Mozilla Foundation Security Advisory 2009-71

Mozilla Foundation Security Advisory 2009-71 Title: GeckoActiveXObject exception messages can be used to enumerate installed COM objects Impact: Low Announced: December 15, 2009 Reporter: Gregory Fleischer Products: Firefox, SeaMonkey Fixed in: Firefox 3.5.6 Firefox 3.0.16 SeaMonkey 2.0.1...

SeaMonkey < 2.0.1 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 2.0.1. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. MFSA 2009-65 - Multiple vulnerabilities in 'liboggplay' can lead to arbitrary code execution. MFSA 2009-66...

SeaMonkey < 2.0.1 Multiple Vulnerabilities

Binary data 5265.prm...

Firefox < 3.0.16 Multiple Vulnerabilities

The installed version of Firefox is earlier than 3.0.16. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. MFSA 2009-65 - The NTLM implementation is vulnerable to reflection attacks in which NTLM credentials from o...

GeckoActiveXObject exception messages can be used to enumerate installed COM objects — Mozilla

Security researcher Gregory Fleischer reported that the exception messages generated by Mozilla's GeckoActiveXObject differ based on whether or not the requested COM object's ProgID is present in the system registry. A malicious site could use this vulnerability to enumerate a list of COM objects...