New Search

Mozilla Firefox and SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability

oval:org.mitre.oval:def:7958

The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 generates different exception messages depending on whether the referenced COM object is listed in the registry which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Vista
  • Microsoft Windows Server 2003
  • Microsoft Windows XP
  • Microsoft Windows 7
  • Microsoft Windows 2000
  • Microsoft Windows Server 2008
Class:
vulnerability
Reference(s):
  • CVE-2009-3987
Product(s):
  • Mozilla Firefox
  • Mozilla Seamonkey