7.8
CVE-2009-3987
- EPSS 1.62%
- Veröffentlicht 17.12.2009 17:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:46
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.62% | 0.729 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:C/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://secunia.com/advisories/37699
http://secunia.com/advisories/37785
http://www.securityfocus.com/bid/37349
http://www.vupen.com/english/advisories/2009/3547
http://securitytracker.com/id?1023346
http://securitytracker.com/id?1023347
http://www.mozilla.org/security/announce/2009/mfsa2009-71.html
http://www.securityfocus.com/bid/37360
https://bugzilla.mozilla.org/show_bug.cgi?id=503451
https://bugzilla.redhat.com/show_bug.cgi?id=546729
https://exchange.xforce.ibmcloud.com/vulnerabilities/54798
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7958