Lucene search

K
cve[email protected]CVE-2009-1313
HistoryApr 30, 2009 - 9:30 p.m.

CVE-2009-1313

2009-04-3021:30:00
CWE-399
web.nvd.nist.gov
33
cve-2009-1313
mozilla firefox
nstextframe::cleartextrun
memory corruption
remote code execution

9.7 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.932 High

EPSS

Percentile

99.0%

The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq3.0.9

9.7 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.932 High

EPSS

Percentile

99.0%