Home

CVE-2009-2665

Description

The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted web page, related to an incorrect security wrapper.

Risk Information

Base Score
8.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
1.362

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Mozilla Firefox (x64) 3.5.2Windows
Multiple vulnerabilities affected in Mozilla_Firefox 3.5.2Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 3.5Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 3.5.1Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 3.5.2Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 3.5Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 3.5.1Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 3.5.2Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-343016Mozilla Firefox (x64) (132.0.2)
PATCH-343015Mozilla Firefox (132.0.2)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234