Mozilla Firefox document.getSelection() Cross-origin Data Theft Vulnerability
Publish Date: 21 de июля de 2015
Severity: : Medium
CVE Kennungen: : CVE-2009-3375
Advisory Date: 21 de июля de 2015
DESCRIPTION
content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.
INFORMATION EXPOSURE
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1003799
Trend Micro Deep Security DPI Rule Name: 1003799 - Mozilla Firefox document.getSelection() Cross-origin Data Theft Vulnerability
AFFECTED SOFTWARE AND VERSION:
- Mozilla Firefox 3.0
- Mozilla Firefox 3.0.1
- Mozilla Firefox 3.0.10
- Mozilla Firefox 3.0.11
- Mozilla Firefox 3.0.12
- Mozilla Firefox 3.0.13
- Mozilla Firefox 3.0.2
- Mozilla Firefox 3.0.3
- Mozilla Firefox 3.0.4
- Mozilla Firefox 3.0.5
- Mozilla Firefox 3.0.6
- Mozilla Firefox 3.0.7
- Mozilla Firefox 3.0.8
- Mozilla Firefox 3.0.9
- Mozilla Firefox 3.5
- Mozilla Firefox 3.5.2
- Mozilla Firefox 3.5.3