VYPR
Unrated severityNVD Advisory· Published Aug 4, 2009· Updated Jun 16, 2026

CVE-2009-2665

CVE-2009-2665

Description

The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted web page, related to an incorrect security wrapper.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
    • (no CPE)range: <3.5.2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.