9.3

CVE-2009-1392

Exploit

The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version3.0
MozillaFirefox Version3.0 Updatealpha
MozillaFirefox Version3.0 Updatebeta2
MozillaFirefox Version3.0.1
MozillaFirefox Version3.0.2
MozillaFirefox Version3.0.3
MozillaFirefox Version3.0.4
MozillaFirefox Version3.0.5
MozillaFirefox Version3.0.6
MozillaFirefox Version3.0.7
MozillaFirefox Version3.0.8
MozillaFirefox Version3.0.9
MozillaFirefox Version3.0.10
MozillaSeamonkey Version <= 1.1.16
MozillaSeamonkey Version1.0
MozillaSeamonkey Version1.0 Editionalpha
MozillaSeamonkey Version1.0 Editionbeta
MozillaSeamonkey Version1.0 Editiondev
MozillaSeamonkey Version1.0 Updatealpha
MozillaSeamonkey Version1.0 Updatebeta
MozillaSeamonkey Version1.0.1
MozillaSeamonkey Version1.0.3
MozillaSeamonkey Version1.0.4
MozillaSeamonkey Version1.0.6
MozillaSeamonkey Version1.0.8
MozillaSeamonkey Version1.0.9
MozillaSeamonkey Version1.0.99
MozillaSeamonkey Version1.1
MozillaSeamonkey Version1.1 Updatealpha
MozillaSeamonkey Version1.1 Updatebeta
MozillaSeamonkey Version1.1.1
MozillaSeamonkey Version1.1.3
MozillaSeamonkey Version1.1.5
MozillaSeamonkey Version1.1.5 Update1.1.10
MozillaSeamonkey Version1.1.6
MozillaSeamonkey Version1.1.7
MozillaSeamonkey Version1.1.8
MozillaSeamonkey Version1.1.9
MozillaSeamonkey Version1.1.10
MozillaSeamonkey Version1.1.11
MozillaSeamonkey Version1.1.12
MozillaSeamonkey Version1.1.13
MozillaSeamonkey Version1.1.15
MozillaThunderbird Version <= 2.0.0.19
MozillaThunderbird Version0.1
MozillaThunderbird Version0.2
MozillaThunderbird Version0.3
MozillaThunderbird Version0.4
MozillaThunderbird Version0.5
MozillaThunderbird Version0.6
MozillaThunderbird Version0.7
MozillaThunderbird Version0.7.1
MozillaThunderbird Version0.7.2
MozillaThunderbird Version0.7.3
MozillaThunderbird Version0.8
MozillaThunderbird Version0.9
MozillaThunderbird Version1.0
MozillaThunderbird Version1.0.1
MozillaThunderbird Version1.0.2
MozillaThunderbird Version1.0.3
MozillaThunderbird Version1.0.4
MozillaThunderbird Version1.0.5
MozillaThunderbird Version1.0.5 Updatebeta
MozillaThunderbird Version1.0.6
MozillaThunderbird Version1.0.7
MozillaThunderbird Version1.0.8
MozillaThunderbird Version1.5
MozillaThunderbird Version1.5 Updatebeta2
MozillaThunderbird Version1.5.0.1
MozillaThunderbird Version1.5.0.2
MozillaThunderbird Version1.5.0.3
MozillaThunderbird Version1.5.0.4
MozillaThunderbird Version1.5.0.5
MozillaThunderbird Version1.5.0.6
MozillaThunderbird Version1.5.0.7
MozillaThunderbird Version1.5.0.8
MozillaThunderbird Version1.5.0.9
MozillaThunderbird Version1.5.0.10
MozillaThunderbird Version1.5.0.11
MozillaThunderbird Version1.5.0.12
MozillaThunderbird Version1.5.0.13
MozillaThunderbird Version1.5.0.14
MozillaThunderbird Version1.5.1
MozillaThunderbird Version1.5.2
MozillaThunderbird Version1.7.1
MozillaThunderbird Version1.7.3
MozillaThunderbird Version2.0.0.0
MozillaThunderbird Version2.0.0.1
MozillaThunderbird Version2.0.0.2
MozillaThunderbird Version2.0.0.3
MozillaThunderbird Version2.0.0.4
MozillaThunderbird Version2.0.0.5
MozillaThunderbird Version2.0.0.6
MozillaThunderbird Version2.0.0.7
MozillaThunderbird Version2.0.0.8
MozillaThunderbird Version2.0.0.9
MozillaThunderbird Version2.0.0.11
MozillaThunderbird Version2.0.0.12
MozillaThunderbird Version2.0.0.13
MozillaThunderbird Version2.0.0.14
MozillaThunderbird Version2.0.0.15
MozillaThunderbird Version2.0.0.16
MozillaThunderbird Version2.0.0.17
MozillaThunderbird Version2.0.0.18
MozillaThunderbird Version2.0_.4
MozillaThunderbird Version2.0_.5
MozillaThunderbird Version2.0_.6
MozillaThunderbird Version2.0_.9
MozillaThunderbird Version2.0_.12
MozillaThunderbird Version2.0_.13
MozillaThunderbird Version2.0_.14
MozillaThunderbird Version2.0_8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 15.73% 0.944
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.