CVE-2009-3987 Information

Description

The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 generates different exception messages depending on whether the referenced COM object is listed in the registry which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects.

Reference

http://secunia.com/advisories/37699 http://secunia.com/advisories/37785 http://securitytracker.com/id?1023346 http://securitytracker.com/id?1023347 http://www.mozilla.org/security/announce/2009/mfsa2009-71.html http://www.securityfocus.com/bid/37349 http://www.securityfocus.com/bid/37360 http://www.vupen.com/english/advisories/2009/3547 https://bugzilla.mozilla.org/show_bug.cgi?id=503451 https://bugzilla.redhat.com/show_bug.cgi?id=546729 https://exchange.xforce.ibmcloud.com/vulnerabilities/54798 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7958