Mozilla Firefox document.getSelection() Cross-origin Data Theft Vulnerability
Schweregrad: : Medium
Identificador(es) CVE: : CVE-2009-3375
Data do informe: 21 julho 2015
Descrição
content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.
Exposição das informações
Apply associated Trend Micro DPI Rules.
Solução
Trend Micro Deep Security DPI Rule Number: 1003799
Trend Micro Deep Security DPI Rule Name: 1003799 - Mozilla Firefox document.getSelection() Cross-origin Data Theft Vulnerability
Software infectado e versão:
- Mozilla Firefox 3.0
- Mozilla Firefox 3.0.1
- Mozilla Firefox 3.0.10
- Mozilla Firefox 3.0.11
- Mozilla Firefox 3.0.12
- Mozilla Firefox 3.0.13
- Mozilla Firefox 3.0.2
- Mozilla Firefox 3.0.3
- Mozilla Firefox 3.0.4
- Mozilla Firefox 3.0.5
- Mozilla Firefox 3.0.6
- Mozilla Firefox 3.0.7
- Mozilla Firefox 3.0.8
- Mozilla Firefox 3.0.9
- Mozilla Firefox 3.5
- Mozilla Firefox 3.5.2
- Mozilla Firefox 3.5.3