Security researcher Gregory Fleischer reported
that the exception messages generated by
Mozilla's GeckoActiveXObject
differ based on whether or
not the requested COM object's ProgID is present in the system
registry. A malicious site could use this vulnerability to enumerate
a list of COM objects installed on a user's system and create a
profile to track the user across browsing sessions.