Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-3375

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-3375
Last Modified 15 Jul 2013 01:57:03
Published 29 Oct 2009 10:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-3375

Summary

content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.

Vulnerable Systems

Application

  • Mozilla Firefox 3.0

  • Mozilla Firefox 3.0.1

  • Mozilla Firefox 3.0.10

  • Mozilla Firefox 3.0.11

  • Mozilla Firefox 3.0.12

  • Mozilla Firefox 3.0.13

  • Mozilla Firefox 3.0.2

  • Mozilla Firefox 3.0.3

  • Mozilla Firefox 3.0.4

  • Mozilla Firefox 3.0.5

  • Mozilla Firefox 3.0.6

  • Mozilla Firefox 3.0.7

  • Mozilla Firefox 3.0.8

  • Mozilla Firefox 3.0.9

  • Mozilla Firefox 3.5

  • Mozilla Firefox 3.5.1

  • Mozilla Firefox 3.5.2

  • Mozilla Firefox 3.5.3


References

CONFIRM - http://www.mozilla.org/security/announce/2009/mfsa2009-61.html

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=503226

VUPEN - ADV-2009-3334

MANDRIVA - MDVSA-2009:294

SUNALERT - 272909


Last Updated: 27 May 2016 10:51:14