CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
EPSS
Percentile
77.8%
The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x
before 3.5.6, and SeaMonkey before 2.0.1, generates different exception
messages depending on whether the referenced COM object is listed in the
registry, which allows remote attackers to obtain potentially sensitive
information about installed software by making multiple calls that specify
the ProgID values of different COM objects.
Author | Note |
---|---|
jdstrand | Windows only (ActiveX) |