5

CVE-2009-1302

Exploit
The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version3.0
MozillaFirefox Version3.0.1
MozillaFirefox Version3.0.2
MozillaFirefox Version3.0.3
MozillaFirefox Version3.0.4
MozillaFirefox Version3.0.5
MozillaFirefox Version3.0.6
MozillaFirefox Version3.0.7
MozillaFirefox Version3.0.8
MozillaSeamonkey Version <= 1.1.13
MozillaSeamonkey Version1.0
MozillaSeamonkey Version1.0.1
MozillaSeamonkey Version1.0.2
MozillaSeamonkey Version1.0.3
MozillaSeamonkey Version1.0.5
MozillaSeamonkey Version1.0.6
MozillaSeamonkey Version1.0.7
MozillaSeamonkey Version1.0.8
MozillaSeamonkey Version1.0.9
MozillaSeamonkey Version1.1
MozillaSeamonkey Version1.1 Updatealpha
MozillaSeamonkey Version1.1 Updatebeta
MozillaSeamonkey Version1.1.1
MozillaSeamonkey Version1.1.2
MozillaSeamonkey Version1.1.3
MozillaSeamonkey Version1.1.4
MozillaSeamonkey Version1.1.5
MozillaSeamonkey Version1.1.6
MozillaSeamonkey Version1.1.7
MozillaSeamonkey Version1.1.8
MozillaSeamonkey Version1.1.9
MozillaSeamonkey Version1.1.10
MozillaSeamonkey Version1.1.11
MozillaSeamonkey Version1.1.12
MozillaSeamonkey Version1.1.14
MozillaSeamonkey Version1.1.15
MozillaThunderbird Version <= 2.0.0.19
MozillaThunderbird Version1.0
MozillaThunderbird Version1.0.1
MozillaThunderbird Version1.0.2
MozillaThunderbird Version1.0.3
MozillaThunderbird Version1.0.4
MozillaThunderbird Version1.0.5
MozillaThunderbird Version1.0.5 Updatebeta
MozillaThunderbird Version1.0.6
MozillaThunderbird Version1.0.7
MozillaThunderbird Version1.0.8
MozillaThunderbird Version1.5
MozillaThunderbird Version1.5 Updatebeta2
MozillaThunderbird Version1.5.0.1
MozillaThunderbird Version1.5.0.2
MozillaThunderbird Version1.5.0.3
MozillaThunderbird Version1.5.0.4
MozillaThunderbird Version1.5.0.5
MozillaThunderbird Version1.5.0.6
MozillaThunderbird Version1.5.0.7
MozillaThunderbird Version1.5.0.8
MozillaThunderbird Version1.5.0.9
MozillaThunderbird Version1.5.0.10
MozillaThunderbird Version1.5.0.11
MozillaThunderbird Version1.5.0.12
MozillaThunderbird Version1.5.0.13
MozillaThunderbird Version1.5.0.14
MozillaThunderbird Version1.5.1
MozillaThunderbird Version1.5.2
MozillaThunderbird Version2.0.0.0
MozillaThunderbird Version2.0.0.4
MozillaThunderbird Version2.0.0.5
MozillaThunderbird Version2.0.0.6
MozillaThunderbird Version2.0.0.9
MozillaThunderbird Version2.0.0.12
MozillaThunderbird Version2.0.0.14
MozillaThunderbird Version2.0.0.16
MozillaThunderbird Version2.0.0.17
MozillaThunderbird Version2.0.0.18
MozillaThunderbird Version2.0.0.20
MozillaThunderbird Version2.0.0.21
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.9% 0.851
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://secunia.com/advisories/35065
http://www.debian.org/security/2009/dsa-1830
http://secunia.com/advisories/34843
http://secunia.com/advisories/34894
http://secunia.com/advisories/35042
http://www.debian.org/security/2009/dsa-1797
http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
http://www.redhat.com/support/errata/RHSA-2009-0436.html
http://www.vupen.com/english/advisories/2009/1125
https://usn.ubuntu.com/764-1/
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
http://secunia.com/advisories/34758
http://secunia.com/advisories/34780
http://secunia.com/advisories/35602
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
http://www.mozilla.org/security/announce/2009/mfsa2009-14.html
Vendor Advisory
http://www.securityfocus.com/bid/34656
http://www.securitytracker.com/id?1022090
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
https://bugzilla.mozilla.org/show_bug.cgi?id=428113
https://bugzilla.mozilla.org/show_bug.cgi?id=431260
Exploit
https://bugzilla.mozilla.org/show_bug.cgi?id=432114
Exploit
https://bugzilla.mozilla.org/show_bug.cgi?id=454276
Exploit
https://bugzilla.mozilla.org/show_bug.cgi?id=461053
https://bugzilla.mozilla.org/show_bug.cgi?id=462517
https://bugzilla.mozilla.org/show_bug.cgi?id=467881
Exploit
https://bugzilla.mozilla.org/show_bug.cgi?id=477775
https://bugzilla.mozilla.org/show_bug.cgi?id=483444
Exploit
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10106
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5527
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6070
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6170
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7030