Oval Definition:oval:org.mitre.oval:def:9789
Revision Date:2013-04-29Version:12
Title:The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."
Description:The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2009-3374
Platform(s):CentOS Linux 4
CentOS Linux 5
Oracle Linux 4
Oracle Linux 5
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Product(s):
Definition Synopsis
  • OS Section: RHEL4, CentOS4, Oracle Linux 4
  • RHEL4, CentOS4 or Oracle Linux 4
  • The operating system installed on the system is Red Hat Enterprise Linux 4
  • OR CentOS Linux 4.x
  • OR Oracle Linux 4.x
  • AND Configuration section
  • nspr is earlier than 0:4.7.6-1.el4_8
  • OR firefox is earlier than 0:3.0.15-3.el4
  • OR nspr-devel is earlier than 0:4.7.6-1.el4_8
  • OR OS Section: RHEL5, CentOS5, Oracle Linux 5
  • RHEL5, CentOS5 or Oracle Linux 5
  • The operating system installed on the system is Red Hat Enterprise Linux 5
  • OR The operating system installed on the system is CentOS Linux 5.x
  • OR Oracle Linux 5.x
  • AND Configuration section
  • xulrunner-devel-unstable is earlier than 0:1.9.0.15-3.el5_4
  • OR xulrunner-devel is earlier than 0:1.9.0.15-3.el5_4
  • OR nspr is earlier than 0:4.7.6-1.el5_4
  • OR firefox is earlier than 0:3.0.15-3.el5_4
  • OR nspr-devel is earlier than 0:4.7.6-1.el5_4
  • OR xulrunner is earlier than 0:1.9.0.15-3.el5_4
    • BACK