CVE-2009-3987
Published: 17 December 2009
The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects.
Notes
Author | Note |
---|---|
jdstrand | Windows only (ActiveX) |
Priority
Status
Package | Release | Status |
---|---|---|
firefox-3.0 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Not vulnerable
|
|
intrepid |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Does not exist
|
|
upstream |
Released
(3.0.16)
|
|
firefox-3.5 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
upstream |
Released
(3.5.6)
|
|
seamonkey Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Not vulnerable
|
|
intrepid |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
upstream |
Released
(2.0.1)
|
|
xulrunner-1.9 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Not vulnerable
|
|
intrepid |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Does not exist
|
|
upstream |
Released
(1.9.0.16)
|
|
xulrunner-1.9.1 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
upstream |
Needs triage
|