Lucene search

[email protected]NVD:CVE-2009-1571

HistoryFeb 22, 2010 - 1:00 p.m.

CVE-2009-1571

2010-02-2213:00:01

CWE-94

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.151 Low

EPSS

Percentile

95.9%

JSON

Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.

Affected configurations

NVD

Node

mozillafirefoxMatch3.0

mozillafirefoxMatch3.0alpha

mozillafirefoxMatch3.0beta2

mozillafirefoxMatch3.0beta5

mozillafirefoxMatch3.0.1

mozillafirefoxMatch3.0.2

mozillafirefoxMatch3.0.3

mozillafirefoxMatch3.0.4

mozillafirefoxMatch3.0.5

mozillafirefoxMatch3.0.6

mozillafirefoxMatch3.0.7

mozillafirefoxMatch3.0.8

mozillafirefoxMatch3.0.9

mozillafirefoxMatch3.0.10

mozillafirefoxMatch3.0.11

mozillafirefoxMatch3.0.12

mozillafirefoxMatch3.0.13

mozillafirefoxMatch3.0.14

mozillafirefoxMatch3.0.15

mozillafirefoxMatch3.0.17

mozillafirefoxMatch3.5

mozillafirefoxMatch3.5.1

mozillafirefoxMatch3.5.2

mozillafirefoxMatch3.5.3

mozillafirefoxMatch3.5.4

mozillafirefoxMatch3.5.5

mozillafirefoxMatch3.5.6

mozillafirefoxMatch3.5.7

mozillaseamonkeyMatch1.0

mozillaseamonkeyMatch1.0alpha

mozillaseamonkeyMatch1.0beta

mozillaseamonkeyMatch1.0.1

mozillaseamonkeyMatch1.0.2

mozillaseamonkeyMatch1.0.3

mozillaseamonkeyMatch1.0.4

mozillaseamonkeyMatch1.0.5

mozillaseamonkeyMatch1.0.6

mozillaseamonkeyMatch1.0.7

mozillaseamonkeyMatch1.0.8

mozillaseamonkeyMatch1.0.9

mozillaseamonkeyMatch1.1

mozillaseamonkeyMatch1.1.1

mozillaseamonkeyMatch1.1.2

mozillaseamonkeyMatch1.1.3

mozillaseamonkeyMatch1.1.4

mozillaseamonkeyMatch1.1.5

mozillaseamonkeyMatch1.1.6

mozillaseamonkeyMatch1.1.7

mozillaseamonkeyMatch1.1.8

mozillaseamonkeyMatch1.1.9

mozillaseamonkeyMatch1.1.10

mozillaseamonkeyMatch1.1.11

mozillaseamonkeyMatch1.1.12

mozillaseamonkeyMatch1.1.13

mozillaseamonkeyMatch1.1.14

mozillaseamonkeyMatch1.1.15

mozillaseamonkeyMatch1.1.16

mozillaseamonkeyMatch1.1.17

mozillaseamonkeyMatch2.0

mozillaseamonkeyMatch2.0alpha_2

mozillaseamonkeyMatch2.0alpha_3

mozillaseamonkeyMatch2.0beta_1

mozillaseamonkeyMatch2.0beta_2

mozillaseamonkeyMatch2.0rc1

mozillaseamonkeyMatch2.0rc2

mozillaseamonkeyMatch2.0.1

mozillaseamonkeyMatch2.0.2

References

lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html

lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html

lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html

lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html

lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html

lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html

secunia.com/advisories/37242

secunia.com/advisories/38770

secunia.com/advisories/38772

secunia.com/advisories/38847

secunia.com/secunia_research/2009-45/

www.debian.org/security/2010/dsa-1999

www.mandriva.com/security/advisories?name=MDVSA-2010:042

www.mandriva.com/security/advisories?name=MDVSA-2010:051

www.mozilla.org/security/announce/2010/mfsa2010-03.html

www.redhat.com/support/errata/RHSA-2010-0112.html

www.redhat.com/support/errata/RHSA-2010-0113.html

www.redhat.com/support/errata/RHSA-2010-0153.html

www.redhat.com/support/errata/RHSA-2010-0154.html

www.securityfocus.com/archive/1/509585/100/0/threaded

www.ubuntu.com/usn/USN-895-1

www.ubuntu.com/usn/USN-896-1

www.vupen.com/english/advisories/2010/0405

www.vupen.com/english/advisories/2010/0650

bugzilla.mozilla.org/show_bug.cgi?id=526500

exchange.xforce.ibmcloud.com/vulnerabilities/56361

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11227

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8615

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.151 Low

EPSS

Percentile

95.9%

JSON

Related for NVD:CVE-2009-1571

prion4 cvelist4 veracode1 cve4 ubuntucve1 nessus27 mozilla1 openvas102 seebug1 securityvulns3 nvd3 fedora34 redhat2 centos2 oraclelinux2 ubuntu2 osv1 freebsd1 suse1 debian3