CVE-2009-3374

CVSS v2.0 7.5 (High)

EPSS 1.24 % (86^th)

Affected Products 1

Advisories 6

The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."

Weaknesses

CWE-264: Permissions, Privileges, and Access Controls

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2009-10-29 14:30:00
(15 years ago)
Updated Date: 2017-09-19 01:29:35
(7 years ago)

Affected Products

Mozilla

Firefox

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox 3.0 Beta5	cpe:2.3:a:mozilla:firefox:3.0:beta5
	Mozilla Firefox 3.0.1	cpe:2.3:a:mozilla:firefox:3.0.1
	Mozilla Firefox 3.0.2	cpe:2.3:a:mozilla:firefox:3.0.2
	Mozilla Firefox 3.0.3	cpe:2.3:a:mozilla:firefox:3.0.3
	Mozilla Firefox 3.0.4	cpe:2.3:a:mozilla:firefox:3.0.4
	Mozilla Firefox 3.0.5	cpe:2.3:a:mozilla:firefox:3.0.5
	Mozilla Firefox 3.0.6	cpe:2.3:a:mozilla:firefox:3.0.6
	Mozilla Firefox 3.0.7	cpe:2.3:a:mozilla:firefox:3.0.7
	Mozilla Firefox 3.0.8	cpe:2.3:a:mozilla:firefox:3.0.8
	Mozilla Firefox 3.0.9	cpe:2.3:a:mozilla:firefox:3.0.9
	Mozilla Firefox 3.0.10	cpe:2.3:a:mozilla:firefox:3.0.10
	Mozilla Firefox 3.0.11	cpe:2.3:a:mozilla:firefox:3.0.11
	Mozilla Firefox 3.0.12	cpe:2.3:a:mozilla:firefox:3.0.12
	Mozilla Firefox 3.0.13	cpe:2.3:a:mozilla:firefox:3.0.13
	Mozilla Firefox 3.5.1	cpe:2.3:a:mozilla:firefox:3.5.1
	Mozilla Firefox 3.5.2	cpe:2.3:a:mozilla:firefox:3.5.2
	Mozilla Firefox 3.5.3	cpe:2.3:a:mozilla:firefox:3.5.3