CVE-2009-2464

2009-07-2218:30:00

CWE-399

[email protected]

web.nvd.nist.gov

mozilla

firefox

seamonkey

thunderbird

memory corruption

cve-2009-2464

security vulnerability

application crash

remote code execution

nvd

9.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.58 Medium

EPSS

Percentile

97.7%

JSON

The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to loading multiple RDF files in a XUL tree element.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq0.1
mozilla:firefoxmozilla firefoxeq0.9_rc
mozilla:firefoxmozilla firefoxeq0.8
mozilla:firefoxmozilla firefoxeq2.0.0.12
mozilla:firefoxmozilla firefoxeq1.5
mozilla:thunderbirdmozilla thunderbirdeq2.0.0.4
mozilla:firefoxmozilla firefoxeq3.0.7
mozilla:firefoxmozilla firefoxeq1.5.2
mozilla:thunderbirdmozilla thunderbirdeq2.0.0.6
mozilla:firefoxmozilla firefoxeq3.0.9

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	eq	0.1
mozilla:firefox	mozilla firefox	eq	0.9_rc
mozilla:firefox	mozilla firefox	eq	0.8
mozilla:firefox	mozilla firefox	eq	2.0.0.12
mozilla:firefox	mozilla firefox	eq	1.5
mozilla:thunderbird	mozilla thunderbird	eq	2.0.0.4
mozilla:firefox	mozilla firefox	eq	3.0.7
mozilla:firefox	mozilla firefox	eq	1.5.2
mozilla:thunderbird	mozilla thunderbird	eq	2.0.0.6
mozilla:firefox	mozilla firefox	eq	3.0.9