CVE-2009-2462

2009-07-2218:30:00

CWE-399

[email protected]

web.nvd.nist.gov

mozilla

firefox

thunderbird

remote attackers

denial of service

memory corruption

application crash

arbitrary code

security vulnerability

9.7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.903 High

EPSS

Percentile

98.8%

JSON

The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion and nsCSSFrameConstructor::CreateFloatingLetterFrame, (3) nsCSSFrameConstructor::ConstructFrame, (4) the child list and initial reflow, (5) GetLastSpecialSibling, (6) nsFrameManager::GetPrimaryFrameFor and MathML, (7) nsFrame::GetBoxAscent, (8) nsCSSFrameConstructor::AdjustParentFrame, (9) nsDOMOfflineResourceList, and (10) nsContentUtils::ComparePosition.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq0.1
mozilla:firefoxmozilla firefoxeq0.9_rc
mozilla:firefoxmozilla firefoxeq0.8
mozilla:firefoxmozilla firefoxeq2.0.0.12
mozilla:firefoxmozilla firefoxeq1.5
mozilla:firefoxmozilla firefoxeq2.0_.7
mozilla:thunderbirdmozilla thunderbirdeq2.0.0.4
mozilla:firefoxmozilla firefoxeq3.0.7
mozilla:firefoxmozilla firefoxeq1.5.2
mozilla:thunderbirdmozilla thunderbirdeq2.0.0.6

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	eq	0.1
mozilla:firefox	mozilla firefox	eq	0.9_rc
mozilla:firefox	mozilla firefox	eq	0.8
mozilla:firefox	mozilla firefox	eq	2.0.0.12
mozilla:firefox	mozilla firefox	eq	1.5
mozilla:firefox	mozilla firefox	eq	2.0_.7
mozilla:thunderbird	mozilla thunderbird	eq	2.0.0.4
mozilla:firefox	mozilla firefox	eq	3.0.7
mozilla:firefox	mozilla firefox	eq	1.5.2
mozilla:thunderbird	mozilla thunderbird	eq	2.0.0.6