Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2009-3374

Date: October 29, 2009

The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."

Severity Score

Related Resources (11)

http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6565
https://nvd.nist.gov/vuln/detail/CVE-2009-3374
http://www.vupen.com/english/advisories/2009/3334
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9789
https://bugzilla.mozilla.org/show_bug.cgi?id=505988
http://www.mozilla.org/security/announce/2009/mfsa2009-57.html
https://access.redhat.com/security/cve/CVE-2009-3374
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
https://people.canonical.com/~ubuntu-security/cve/CVE-2009-3374
https://www.mend.io/vulnerability-database/CVE-2009-3374

Severity Score

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us