CVE-2009-3987

Mozilla Firefox <3.0.16 & SeaMonkey <2.0.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects.

References (12)

Core 12
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37699
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=503451
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3547
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37785
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7958
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=546729
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37349
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54798
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023347
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37360
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023346

Scores

EPSS 0.0162
EPSS Percentile 73.2%

Details

CWE
CWE-200
Status published
Products (46)
mozilla/firefox 0.1
mozilla/firefox 0.2
mozilla/firefox 0.3
mozilla/firefox 0.4
mozilla/firefox 0.5
mozilla/firefox 0.6
mozilla/firefox 0.6.1
mozilla/firefox 0.7
mozilla/firefox 0.7.1
mozilla/firefox 0.8
... and 36 more
Published Dec 17, 2009
Tracked Since Feb 18, 2026