CVE-2009-2665

CVE-2009-2665 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted web page, related to an incorrect security wrapper.

Learn more about our Cis Benchmark Audit For Google Chrome.