PT-2009-5682 · Mozilla+1 · Firefox+1

Gregory Fleischer

Published

2009-10-27

Updated

2024-12-12

CVE-2009-3375

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 3.0.x through 3.0.14 Mozilla Firefox versions 3.5.x through 3.5.3

Description The issue allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection. This is achieved via the document.getSelection function.

Recommendations For Mozilla Firefox versions 3.0.x through 3.0.14, update to version 3.0.15 or later. For Mozilla Firefox versions 3.5.x through 3.5.3, update to version 3.5.4 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2009-3375

DSA-1922-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:14572-1

RHSA-2009:1530

RHSA-2009:1531

RHSA-2009_1530

RHSA-2009_1531

Affected Products

Firefox

Red Hat

PT-2009-5682 · Mozilla+1 · Firefox+1

CVE-2009-3375

Weakness Enumeration

Related Identifiers

Affected Products

References · 2092