Lucene search
SecurityvulnsSECURITYVULNS:DOC:22702HistoryOct 28, 2009 - 12:00 a.m.
Mozilla Foundation Security Advisory 2009-61
2009-10-2800:00:00
vulners.com
16
Mozilla Foundation Security Advisory 2009-61
Title: Cross-origin data theft through document.getSelection()
Impact: Moderate
Announced: October 27, 2009
Reporter: Gregory Fleischer
Products: Firefox 3
Fixed in: Firefox 3.5.4
Firefox 3.0.15
This vulnerability does not affect products based on the older Gecko 1.8 engine such as Firefox 2 or SeaMonkey 1.1
Description
Security researcher Gregory Fleischer reported that text within a selection on a web page can be read by JavaScript in a different domain using the document.getSelection function, violating the same-origin policy. Since this vulnerability requires user interaction to exploit, its severity was determined to be moderate.
References
* https://bugzilla.mozilla.org/show_bug.cgi?id=503226
* CVE-2009-3375
Related
seebug
seebug
Firefox document.getSelectθ·¨εδΏ‘ζ―ζ³ι²ζΌζ΄
2009-11-03 00:00:00
prion
prion
Design/Logic Flaw
2009-10-29 14:30:00
cve
cve
CVE-2009-3375
2009-10-29 14:30:00
veracode
veracode
Information Disclosure
2020-04-10 00:36:53
mozilla
mozilla
Cross-origin data theft through document.getSelection() β Mozilla
2009-10-27 00:00:00
ubuntucve
ubuntucve
CVE-2009-3375
2009-10-29 00:00:00
openvas
openvas
CentOS Security Advisory CESA-2009:1531 (seamonkey)
2009-11-11 00:00:00
CentOS Security Advisory CESA-2009:1531 (seamonkey)
2009-11-11 00:00:00
RedHat Security Advisory RHSA-2009:1531
2009-11-11 00:00:00
nessus
nessus
Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
2012-08-01 00:00:00
Fedora 11 : Miro-2.5.2-5.fc11 / blam-1.8.5-15.fc11 / chmsee-1.0.1-12.fc11 / eclipse-3.4.2-17.fc11 / etc (2009-10878)
2009-10-29 00:00:00
Debian DSA-1922-1 : xulrunner - several vulnerabilities
2010-02-24 00:00:00
oraclelinux
oraclelinux
seamonkey security update
2009-10-28 00:00:00
firefox security update
2009-10-28 00:00:00
centos
centos
seamonkey security update
2009-10-28 13:15:48
firefox, nspr security update
2009-10-28 13:44:04
redhat
redhat
(RHSA-2009:1531) Critical: seamonkey security update
2009-10-27 00:00:00
(RHSA-2009:1530) Critical: firefox security update
2009-10-27 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: ruby-gnome2-0.19.3-3.fc11
2009-10-29 02:59:35
[SECURITY] Fedora 11 Update: firefox-3.5.4-1.fc11
2009-10-29 02:59:35
[SECURITY] Fedora 11 Update: mozvoikko-0.9.7-0.8.rc1.fc11
2009-10-29 02:59:35
osv
osv
xulrunner - several vulnerabilities
2009-10-28 00:00:00
debian
debian
[SECURITY] [DSA 1922-1] New xulrunner packages fix several vulnerabilities
2009-10-28 21:13:30
vmware
vmware
ESX Service Console and vMA updates for nss and nspr
2010-03-03 00:00:00
ESX Service Console and vMA updates for nss and nspr
2010-03-03 00:00:00
ubuntu
ubuntu
Firefox and Xulrunner regression
2009-11-11 00:00:00
Firefox and Xulrunner vulnerabilities
2009-10-31 00:00:00
suse
suse
remote code execution in MozillaFirefox
2009-11-04 14:24:35
freebsd
freebsd
mozilla -- multiple vulnerabilities
2009-10-27 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Seamonkey multiple security vulnerabilities
2009-11-05 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
Related for SECURITYVULNS:DOC:22702