Vulnerability Description
The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 3.0 |
Related Weaknesses (CWE)
References
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
- http://www.mozilla.org/security/announce/2009/mfsa2009-57.htmlPatchVendor Advisory
- http://www.vupen.com/english/advisories/2009/3334
- https://bugzilla.mozilla.org/show_bug.cgi?id=505988
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
- http://www.mozilla.org/security/announce/2009/mfsa2009-57.htmlPatchVendor Advisory
- http://www.vupen.com/english/advisories/2009/3334
- https://bugzilla.mozilla.org/show_bug.cgi?id=505988
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2009-3374?
CVE-2009-3374 is a vulnerability with a CVSS score of 7.5 (HIGH). The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome ...
How severe is CVE-2009-3374?
CVE-2009-3374 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3374?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.