CVE-2009-3987
Mozilla Firefox <3.0.16 & SeaMonkey <2.0.1 - Info Disclosure
Title source: llmDescription
The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects.
References (12)
Core 12
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37699
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=503451
Patch, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3547
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37785
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7958
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=546729
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37349
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54798
Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1023347
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37360
Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1023346
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2009/mfsa2009-71.html
Scores
EPSS
0.0162
EPSS Percentile
73.2%
Details
CWE
CWE-200
Status
published
Products (46)
mozilla/firefox
0.1
mozilla/firefox
0.2
mozilla/firefox
0.3
mozilla/firefox
0.4
mozilla/firefox
0.5
mozilla/firefox
0.6
mozilla/firefox
0.6.1
mozilla/firefox
0.7
mozilla/firefox
0.7.1
mozilla/firefox
0.8
... and 36 more
Published
Dec 17, 2009
Tracked Since
Feb 18, 2026