CVE-2009-3374

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 3.0.x through 3.0.14 Mozilla Firefox versions 3.5.x through 3.5.3

Description The issue concerns the XPCVariant::VariantDataToJS function in the XPCOM implementation, which fails to enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites. This allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."

Recommendations For Mozilla Firefox versions 3.0.x through 3.0.14, update to version 3.0.15 or later. For Mozilla Firefox versions 3.5.x through 3.5.3, update to version 3.5.4 or later.