CVE

CVE-2009-3374

Date: (C)2009-10-29   (M)2024-03-27


The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SUNALERT-272909
ADV-2009-3334
MDVSA-2009:294
http://www.mozilla.org/security/announce/2009/mfsa2009-57.html
https://bugzilla.mozilla.org/show_bug.cgi?id=505988
oval:org.mitre.oval:def:6565
oval:org.mitre.oval:def:9789

CPE    16
cpe:/a:mozilla:firefox:3.5.3
cpe:/a:mozilla:firefox:3.5.1
cpe:/a:mozilla:firefox:3.5.2
cpe:/a:mozilla:firefox:3.0.4
...
CWE    1
CWE-264
OVAL    51
oval:org.secpod.oval:def:600365
oval:org.secpod.oval:def:300577
oval:org.secpod.oval:def:200291
oval:org.secpod.oval:def:300776
...

© SecPod Technologies