CVE-2009-3374

high

Description

The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."

References

http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1

http://www.mandriva.com/security/advisories?name=MDVSA-2009:294

http://www.mozilla.org/security/announce/2009/mfsa2009-57.html

http://www.vupen.com/english/advisories/2009/3334

https://bugzilla.mozilla.org/show_bug.cgi?id=505988

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6565

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9789

Details

Source: MITRE

Published: 2009-10-29

Updated: 2017-09-19

Type: CWE-264

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH