Mozilla Firefox document.getSelection() Cross-origin Data Theft Vulnerability
Severity: MEDIUM
CVE Identifier: CVE-2009-3375
Advisory Date: JUL 21, 2015
DESCRIPTION
content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1003799
Trend Micro Deep Security DPI Rule Name: 1003799 - Mozilla Firefox document.getSelection() Cross-origin Data Theft Vulnerability
AFFECTED SOFTWARE AND VERSION
- Mozilla Firefox 3.0
- Mozilla Firefox 3.0.1
- Mozilla Firefox 3.0.10
- Mozilla Firefox 3.0.11
- Mozilla Firefox 3.0.12
- Mozilla Firefox 3.0.13
- Mozilla Firefox 3.0.2
- Mozilla Firefox 3.0.3
- Mozilla Firefox 3.0.4
- Mozilla Firefox 3.0.5
- Mozilla Firefox 3.0.6
- Mozilla Firefox 3.0.7
- Mozilla Firefox 3.0.8
- Mozilla Firefox 3.0.9
- Mozilla Firefox 3.5
- Mozilla Firefox 3.5.2
- Mozilla Firefox 3.5.3