| Revision Date: | 2014-10-06 | Version: | 25 |
| Title: | Mozilla Firefox and SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability |
| Description: | The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects. |
| Family: | windows | Class: | vulnerability |
| Status: | ACCEPTED | Reference(s): | CVE-2009-3987
|
| Platform(s): | Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
| Product(s): | Mozilla Firefox
Mozilla Seamonkey
|
| Definition Synopsis |
| Check for vulnerable Firefox mainline Mozilla Firefox Mainline release is installed
AND Check for vulnerable version
Mozilla Firefox Mainline version is less than 3.0.16
OR Mozilla Firefox Mainline version is 3.5.x to 3.5.5
OR Check for vulnerable SeaMonkey
Mozilla Seamonkey is installed
AND Mozilla Seamonkey version less than 2.0.1
|