Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2009-3987 | First vendor Publication | 2009-12-17 |
| Vendor | Cve | Last vendor Modification | 2017-09-19 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 7.8 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3987 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-200 | Information Exposure |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:7958 | |||
| Oval ID: | oval:org.mitre.oval:def:7958 | ||
| Title: | Mozilla Firefox and SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability | ||
| Description: | The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3987 | Version: | 15 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-12-30 | Name : Mandriva Security Advisory MDVSA-2009:339 (firefox) File : nvt/mdksa_2009_339.nasl |
| 2009-12-23 | Name : Firefox Multiple Vulnerabilities Dec-09 (Linux) File : nvt/secpod_firefox_mult_vuln_dec09_lin01.nasl |
| 2009-12-23 | Name : Firefox Multiple Vulnerabilities Dec-09 (Linux) File : nvt/secpod_firefox_mult_vuln_dec09_lin02.nasl |
| 2009-12-23 | Name : Firefox Multiple Vulnerabilities Dec-09 (Win) File : nvt/secpod_firefox_mult_vuln_dec09_win01.nasl |
| 2009-12-23 | Name : Firefox Multiple Vulnerabilities Dec-09 (Win) File : nvt/secpod_firefox_mult_vuln_dec09_win02.nasl |
| 2009-12-23 | Name : Seamonkey Multiple Vulnerabilities Dec-09 (Linux) File : nvt/secpod_seamonkey_mult_vuln_dec09_lin.nasl |
| 2009-12-23 | Name : Seamonkey Multiple Vulnerabilities Dec-09 (Win) File : nvt/secpod_seamonkey_mult_vuln_dec09_win.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 61092 | Mozilla Multiple Browsers GeckoActiveXObject Exception Message COM Object Enu... |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | multiple products GeckoActiveX COM object recon attempt RuleID : 21165 - Revision : 4 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
| 2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-338.nasl - Type : ACT_GATHER_INFO |
| 2010-01-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-091223.nasl - Type : ACT_GATHER_INFO |
| 2009-12-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-339.nasl - Type : ACT_GATHER_INFO |
| 2009-12-16 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3016.nasl - Type : ACT_GATHER_INFO |
| 2009-12-16 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_356.nasl - Type : ACT_GATHER_INFO |
| 2009-12-16 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_201.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-02-10 01:11:18 |
|
| 2024-02-02 01:11:55 |
|
| 2024-02-01 12:03:19 |
|
| 2023-09-05 12:11:10 |
|
| 2023-09-05 01:03:11 |
|
| 2023-09-02 12:11:16 |
|
| 2023-09-02 01:03:12 |
|
| 2023-08-12 12:13:14 |
|
| 2023-08-12 01:03:12 |
|
| 2023-08-11 12:11:19 |
|
| 2023-08-11 01:03:19 |
|
| 2023-08-06 12:10:52 |
|
| 2023-08-06 01:03:13 |
|
| 2023-08-04 12:10:57 |
|
| 2023-08-04 01:03:15 |
|
| 2023-07-14 12:10:54 |
|
| 2023-07-14 01:03:13 |
|
| 2023-03-29 01:12:29 |
|
| 2023-03-28 12:03:19 |
|
| 2022-10-11 12:09:43 |
|
| 2022-10-11 01:03:02 |
|
| 2021-05-04 12:10:28 |
|
| 2021-04-22 01:10:55 |
|
| 2020-10-14 01:04:54 |
|
| 2020-10-03 01:04:53 |
|
| 2020-05-29 01:04:28 |
|
| 2020-05-23 01:41:05 |
|
| 2020-05-23 00:24:35 |
|
| 2017-11-22 12:03:09 |
|
| 2017-09-19 09:23:30 |
|
| 2017-08-17 09:22:47 |
|
| 2016-06-28 17:53:57 |
|
| 2016-04-26 19:15:40 |
|
| 2014-02-17 10:52:21 |
|
| 2014-01-19 21:26:20 |
|
| 2013-05-11 00:00:55 |
|
