Mozilla Firefox document.getSelection() Cross-origin Data Theft Vulnerability
Publish Date: 21 luglio 2015
Gravità: : Medio
Identificatori CVE: CVE-2009-3375
Data notifica: 21 luglio 2015
Descrizione
content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.
Informazioni esposizione:
Apply associated Trend Micro DPI Rules.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1003799
Trend Micro Deep Security DPI Rule Name: 1003799 - Mozilla Firefox document.getSelection() Cross-origin Data Theft Vulnerability
Software e versione interessati:
- Mozilla Firefox 3.0
- Mozilla Firefox 3.0.1
- Mozilla Firefox 3.0.10
- Mozilla Firefox 3.0.11
- Mozilla Firefox 3.0.12
- Mozilla Firefox 3.0.13
- Mozilla Firefox 3.0.2
- Mozilla Firefox 3.0.3
- Mozilla Firefox 3.0.4
- Mozilla Firefox 3.0.5
- Mozilla Firefox 3.0.6
- Mozilla Firefox 3.0.7
- Mozilla Firefox 3.0.8
- Mozilla Firefox 3.0.9
- Mozilla Firefox 3.5
- Mozilla Firefox 3.5.2
- Mozilla Firefox 3.5.3