CVE-2009-3375

EUVD-2009-3357
content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
3.0
mozillafirefox
3.0:alpha
mozillafirefox
3.0:beta2
mozillafirefox
3.0:beta5
mozillafirefox
3.0.1
mozillafirefox
3.0.2
mozillafirefox
3.0.3
mozillafirefox
3.0.4
mozillafirefox
3.0.5
mozillafirefox
3.0.6
mozillafirefox
3.0.7
mozillafirefox
3.0.8
mozillafirefox
3.0.9
mozillafirefox
3.0.10
mozillafirefox
3.0.11
mozillafirefox
3.0.12
mozillafirefox
3.0.13
mozillafirefox
3.5
mozillafirefox
3.5.1
mozillafirefox
3.5.2
mozillafirefox
3.5.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox-3.0
dapper
dne
hardy
Fixed 3.0.15+nobinonly-0ubuntu0.8.04.1
released
intrepid
Fixed 3.0.15+nobinonly-0ubuntu0.8.10.1
released
jaunty
Fixed 3.0.15+nobinonly-0ubuntu0.9.04.1
released
karmic
dne
firefox-3.5
dapper
dne
hardy
dne
intrepid
dne
jaunty
Fixed 3.5.4+nobinonly-0ubuntu0.9.04.1
released
karmic
Fixed 3.5.4+nobinonly-0ubuntu0.9.10.1
released
xulrunner-1.9
dapper
dne
hardy
Fixed 1.9.0.15+nobinonly-0ubuntu0.8.04.1
released
intrepid
Fixed 1.9.0.15+nobinonly-0ubuntu0.8.10.1
released
jaunty
Fixed 1.9.0.15+nobinonly-0ubuntu0.9.04.1
released
karmic
dne
xulrunner-1.9.1
dapper
dne
hardy
dne
intrepid
dne
jaunty
Fixed 1.9.1.4+nobinonly-0ubuntu0.9.04.3
released
karmic
Fixed 1.9.1.4+nobinonly-0ubuntu0.9.10.1
released
Common Weakness Enumeration
References
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
http://www.mozilla.org/security/announce/2009/mfsa2009-61.html
http://www.vupen.com/english/advisories/2009/3334
https://bugzilla.mozilla.org/show_bug.cgi?id=503226
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10440
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5935
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
http://www.mozilla.org/security/announce/2009/mfsa2009-61.html
http://www.vupen.com/english/advisories/2009/3334
https://bugzilla.mozilla.org/show_bug.cgi?id=503226
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10440
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5935