{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2637?format=json","vulnerability_id":"VCID-hfx9-d6d1-5kbv","summary":"Security researcher Gregory Fleischer reported\nthat the exception messages generated by\nMozilla's GeckoActiveXObject differ based on whether or\nnot the requested COM object's ProgID is present in the system\nregistry.  A malicious site could use this vulnerability to enumerate\na list of COM objects installed on a user's system and create a\nprofile to track the user across browsing sessions.","aliases":[{"alias":"CVE-2009-3987"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1128?format=json","purl":"pkg:mozilla/Firefox@3.0.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.16"},{"url":"http://public2.vulnerablecode.io/api/packages/1127?format=json","purl":"pkg:mozilla/Firefox@3.5.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/1129?format=json","purl":"pkg:mozilla/SeaMonkey@2.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.1"}],"affected_packages":[],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3987","reference_id":"CVE-2009-3987","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3987"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-71","reference_id":"mfsa2009-71","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-71"}],"weaknesses":[],"exploits":[],"severity_range_score":"0.1 - 3","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hfx9-d6d1-5kbv"}