CVE-2009-3987 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-3987 Interim 1 5 2023-12-09T02:01:09Z current 2021-05-30T12:49:12Z 2023-12-09T02:01:09Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-3987 The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TQKKCXCCJNXZGT3RQKVHND7NFINIQDSH/#TQKKCXCCJNXZGT3RQKVHND7NFINIQDSH E-Mail link for SUSE-SR:2009:020 https://www.suse.com/support/security/rating/ SUSE Security Ratings The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects. CVE-2009-3987 important 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N