CVE-2009-1571

Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=526500
http://secunia.com/advisories/37242	Vendor Advisory
http://secunia.com/secunia_research/2009-45/	Vendor Advisory
http://www.mozilla.org/security/announce/2010/mfsa2010-03.html	Vendor Advisory
http://www.vupen.com/english/advisories/2010/0405	Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html
http://www.redhat.com/support/errata/RHSA-2010-0112.html
http://www.ubuntu.com/usn/USN-895-1
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html
http://www.ubuntu.com/usn/USN-896-1
http://www.debian.org/security/2010/dsa-1999
http://www.redhat.com/support/errata/RHSA-2010-0113.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:042
http://secunia.com/advisories/38770
http://www.redhat.com/support/errata/RHSA-2010-0154.html
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.vupen.com/english/advisories/2010/0650
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:051
http://secunia.com/advisories/38772
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html
http://secunia.com/advisories/38847
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/56361
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8615
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11227
http://www.securityfocus.com/archive/1/509585/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox:3.0:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.15:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.17:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.9:::::::*
	cpe:2.3:a:mozilla:firefox:3.0:alpha::::::
	cpe:2.3:a:mozilla:firefox:3.5.4:::::::*
	cpe:2.3:a:mozilla:firefox:3.5.5:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.1:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.10:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.6:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.3:::::::*
	cpe:2.3:a:mozilla:firefox:3.5.6:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0.2:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.17:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2::::::
	cpe:2.3:a:mozilla:seamonkey:1.0.7:::::::*
	cpe:2.3:a:mozilla:firefox:3.5.7:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.12:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.14:::::::*
	cpe:2.3:a:mozilla:firefox:3.0:beta2::::::
	cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.10:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.8:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.11:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.3:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.2:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.9:::::::*
	cpe:2.3:a:mozilla:firefox:3.0:beta5::::::
	cpe:2.3:a:mozilla:firefox:3.0.13:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*
	cpe:2.3:a:mozilla:firefox:3.5.3:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.8:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.7:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.7:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.9:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.8:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.5:::::::*
	cpe:2.3:a:mozilla:firefox:3.5:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0:beta::::::
	cpe:2.3:a:mozilla:firefox:3.0.4:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0:rc2::::::
	cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3::::::
	cpe:2.3:a:mozilla:firefox:3.0.5:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0:alpha::::::
	cpe:2.3:a:mozilla:firefox:3.5.1:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1:::::::*
	cpe:2.3:a:mozilla:firefox:3.5.2:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.14:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0:beta_2::::::
	cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.12:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0.1:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.15:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.6:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.6:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.16:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0:beta_1::::::
	cpe:2.3:a:mozilla:seamonkey:2.0:rc1::::::
cpe:2.3:a:mozilla:seamonkey:1.1.13:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.4:::::::*
cpe:2.3:a:mozilla:firefox:3.0.11:::::::*

Information

Published : 2010-02-22 05:00

Updated : 2018-10-10 12:37

NVD link : CVE-2009-1571

Mitre link : CVE-2009-1571

JSON object : View

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

Products Affected

mozilla

firefox
seamonkey

10.0 /10