9.5 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.454 Medium
EPSS
Percentile
97.4%
Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that “dynamically unloads itself from an outside JavaScript function,” which triggers an access of an expired memory address.
lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
secunia.com/advisories/32684
secunia.com/advisories/32693
secunia.com/advisories/32694
secunia.com/advisories/32714
secunia.com/advisories/32778
secunia.com/advisories/32845
secunia.com/advisories/32853
secunia.com/advisories/33433
secunia.com/advisories/34501
sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
ubuntu.com/usn/usn-667-1
www.debian.org/security/2008/dsa-1669
www.debian.org/security/2008/dsa-1671
www.debian.org/security/2009/dsa-1697
www.mandriva.com/security/advisories?name=MDVSA-2008:228
www.mozilla.org/security/announce/2008/mfsa2008-49.html
www.redhat.com/support/errata/RHSA-2008-0977.html
www.securityfocus.com/bid/32281
www.securitytracker.com/id?1021181
www.us-cert.gov/cas/techalerts/TA08-319A.html
www.vupen.com/english/advisories/2008/3146
www.vupen.com/english/advisories/2009/0977
bugzilla.mozilla.org/show_bug.cgi?id=433610
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9660
www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html