OpenCVE

content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mozilla	Firefox
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox:3.0:::::::*
	cpe:2.3:a:mozilla:firefox:3.0:alpha::::::
	cpe:2.3:a:mozilla:firefox:3.0:beta2::::::
	cpe:2.3:a:mozilla:firefox:3.0:beta5::::::
	cpe:2.3:a:mozilla:firefox:3.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.3:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.4:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.5:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.6:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.7:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.8:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.9:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.10:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.11:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.12:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.13:::::::*
	cpe:2.3:a:mozilla:firefox:3.5:::::::*
	cpe:2.3:a:mozilla:firefox:3.5.1:::::::*
	cpe:2.3:a:mozilla:firefox:3.5.2:::::::*
	cpe:2.3:a:mozilla:firefox:3.5.3:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 3
seamonkey-0:1.0.9-0.47.el3	cpe:/o:redhat:enterprise_linux:3	RHSA-2009:1531	2009-10-27T00:00:00Z
Red Hat Enterprise Linux 4
firefox-0:3.0.15-3.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2009:1530	2009-10-27T00:00:00Z
nspr-0:4.7.6-1.el4_8	cpe:/o:redhat:enterprise_linux:4	RHSA-2009:1530	2009-10-27T00:00:00Z
seamonkey-0:1.0.9-50.el4_8	cpe:/o:redhat:enterprise_linux:4	RHSA-2009:1531	2009-10-27T00:00:00Z
Red Hat Enterprise Linux 5
firefox-0:3.0.15-3.el5_4	cpe:/o:redhat:enterprise_linux:5	RHSA-2009:1530	2009-10-27T00:00:00Z
nspr-0:4.7.6-1.el5_4	cpe:/o:redhat:enterprise_linux:5	RHSA-2009:1530	2009-10-27T00:00:00Z
xulrunner-0:1.9.0.15-3.el5_4	cpe:/o:redhat:enterprise_linux:5	RHSA-2009:1530	2009-10-27T00:00:00Z

References

Link	Providers
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
http://www.mozilla.org/security/announce/2009/mfsa2009-61.html
http://www.vupen.com/english/advisories/2009/3334
https://bugzilla.mozilla.org/show_bug.cgi?id=503226
https://nvd.nist.gov/vuln/detail/CVE-2009-3375
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10440
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5935
https://www.cve.org/CVERecord?id=CVE-2009-3375

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-10-29T14:00:00

Updated: 2024-08-07T06:22:24.433Z

Reserved: 2009-09-24T00:00:00

Link: CVE-2009-3375

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-10-29T14:30:00.953

Modified: 2024-11-21T01:07:12.790

Link: CVE-2009-3375

Redhat

Severity : Moderate

Publid Date: 2009-10-27T00:00:00Z

Links: CVE-2009-3375 - Bugzilla

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object