Lucene search

[email protected]NVD:CVE-2009-2462

HistoryJul 22, 2009 - 6:30 p.m.

CVE-2009-2462

2009-07-2218:30:00

CWE-399

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

High

0.903 High

EPSS

Percentile

98.8%

JSON

The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion and nsCSSFrameConstructor::CreateFloatingLetterFrame, (3) nsCSSFrameConstructor::ConstructFrame, (4) the child list and initial reflow, (5) GetLastSpecialSibling, (6) nsFrameManager::GetPrimaryFrameFor and MathML, (7) nsFrame::GetBoxAscent, (8) nsCSSFrameConstructor::AdjustParentFrame, (9) nsDOMOfflineResourceList, and (10) nsContentUtils::ComparePosition.

Affected configurations

NVD

Node

mozillafirefoxRange≤3.0.11

mozillafirefoxMatch0.1

mozillafirefoxMatch0.2

mozillafirefoxMatch0.3

mozillafirefoxMatch0.4

mozillafirefoxMatch0.5

mozillafirefoxMatch0.6

mozillafirefoxMatch0.6.1

mozillafirefoxMatch0.7

mozillafirefoxMatch0.7.1

mozillafirefoxMatch0.8

mozillafirefoxMatch0.9

mozillafirefoxMatch0.9rc

mozillafirefoxMatch0.9.1

mozillafirefoxMatch0.9.2

mozillafirefoxMatch0.9.3

mozillafirefoxMatch0.9_rc

mozillafirefoxMatch0.10

mozillafirefoxMatch0.10.1

mozillafirefoxMatch1.0

mozillafirefoxMatch1.0preview_release

mozillafirefoxMatch1.0.1

mozillafirefoxMatch1.0.2

mozillafirefoxMatch1.0.3

mozillafirefoxMatch1.0.4

mozillafirefoxMatch1.0.5

mozillafirefoxMatch1.0.6

mozillafirefoxMatch1.0.6linux

mozillafirefoxMatch1.0.7

mozillafirefoxMatch1.0.8

mozillafirefoxMatch1.4.1

mozillafirefoxMatch1.5

mozillafirefoxMatch1.5beta1

mozillafirefoxMatch1.5beta2

mozillafirefoxMatch1.5.0.1

mozillafirefoxMatch1.5.0.2

mozillafirefoxMatch1.5.0.3

mozillafirefoxMatch1.5.0.4

mozillafirefoxMatch1.5.0.5

mozillafirefoxMatch1.5.0.6

mozillafirefoxMatch1.5.0.7

mozillafirefoxMatch1.5.0.8

mozillafirefoxMatch1.5.0.9

mozillafirefoxMatch1.5.0.10

mozillafirefoxMatch1.5.0.11

mozillafirefoxMatch1.5.0.12

mozillafirefoxMatch1.5.1

mozillafirefoxMatch1.5.2

mozillafirefoxMatch1.5.3

mozillafirefoxMatch1.5.4

mozillafirefoxMatch1.5.5

mozillafirefoxMatch1.5.6

mozillafirefoxMatch1.5.7

mozillafirefoxMatch1.5.8

mozillafirefoxMatch1.8

mozillafirefoxMatch2.0

mozillafirefoxMatch2.0beta_1

mozillafirefoxMatch2.0beta1

mozillafirefoxMatch2.0rc2

mozillafirefoxMatch2.0rc3

mozillafirefoxMatch2.0.0.1

mozillafirefoxMatch2.0.0.2

mozillafirefoxMatch2.0.0.3

mozillafirefoxMatch2.0.0.4

mozillafirefoxMatch2.0.0.5

mozillafirefoxMatch2.0.0.6

mozillafirefoxMatch2.0.0.7

mozillafirefoxMatch2.0.0.8

mozillafirefoxMatch2.0.0.9

mozillafirefoxMatch2.0.0.10

mozillafirefoxMatch2.0.0.11

mozillafirefoxMatch2.0.0.12

mozillafirefoxMatch2.0.0.13

mozillafirefoxMatch2.0.0.14

mozillafirefoxMatch2.0.0.15

mozillafirefoxMatch2.0.0.16

mozillafirefoxMatch2.0.0.17

mozillafirefoxMatch2.0.0.18

mozillafirefoxMatch2.0.0.19

mozillafirefoxMatch2.0.0.20

mozillafirefoxMatch2.0.0.21

mozillafirefoxMatch2.0_.1

mozillafirefoxMatch2.0_.4

mozillafirefoxMatch2.0_.5

mozillafirefoxMatch2.0_.6

mozillafirefoxMatch2.0_.7

mozillafirefoxMatch2.0_.9

mozillafirefoxMatch2.0_.10

mozillafirefoxMatch2.0_8

mozillafirefoxMatch3.0

mozillafirefoxMatch3.0alpha

mozillafirefoxMatch3.0beta2

mozillafirefoxMatch3.0beta5

mozillafirefoxMatch3.0.1

mozillafirefoxMatch3.0.2

mozillafirefoxMatch3.0.3

mozillafirefoxMatch3.0.4

mozillafirefoxMatch3.0.5

mozillafirefoxMatch3.0.6

mozillafirefoxMatch3.0.7

mozillafirefoxMatch3.0.8

mozillafirefoxMatch3.0.9

mozillafirefoxMatch3.0.10

mozillathunderbirdMatch2.0.0.0

mozillathunderbirdMatch2.0.0.1

mozillathunderbirdMatch2.0.0.2

mozillathunderbirdMatch2.0.0.3

mozillathunderbirdMatch2.0.0.4

mozillathunderbirdMatch2.0.0.5

mozillathunderbirdMatch2.0.0.6

mozillathunderbirdMatch2.0.0.7

mozillathunderbirdMatch2.0.0.8

mozillathunderbirdMatch2.0.0.9

mozillathunderbirdMatch2.0.0.11

mozillathunderbirdMatch2.0.0.12

mozillathunderbirdMatch2.0.0.13

mozillathunderbirdMatch2.0.0.14

mozillathunderbirdMatch2.0.0.15

mozillathunderbirdMatch2.0.0.16

mozillathunderbirdMatch2.0.0.17

mozillathunderbirdMatch2.0.0.18

mozillathunderbirdMatch2.0.0.19

mozillathunderbirdMatch2.0.0.20

mozillathunderbirdMatch2.0.0.21

References

lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html

lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html

rhn.redhat.com/errata/RHSA-2009-1162.html

rhn.redhat.com/errata/RHSA-2009-1163.html

secunia.com/advisories/35914

secunia.com/advisories/35943

secunia.com/advisories/35944

secunia.com/advisories/35947

secunia.com/advisories/36005

secunia.com/advisories/36145

sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1

sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1

www.mozilla.org/security/announce/2009/mfsa2009-34.html

www.redhat.com/support/errata/RHSA-2010-0153.html

www.redhat.com/support/errata/RHSA-2010-0154.html

www.securityfocus.com/bid/35758

www.vupen.com/english/advisories/2009/1972

www.vupen.com/english/advisories/2009/2152

www.vupen.com/english/advisories/2010/0650

bugzilla.mozilla.org/show_bug.cgi?id=413085

bugzilla.mozilla.org/show_bug.cgi?id=442227

bugzilla.mozilla.org/show_bug.cgi?id=445177

bugzilla.mozilla.org/show_bug.cgi?id=461861

bugzilla.mozilla.org/show_bug.cgi?id=463350

bugzilla.mozilla.org/show_bug.cgi?id=466763

bugzilla.mozilla.org/show_bug.cgi?id=468211

bugzilla.mozilla.org/show_bug.cgi?id=472668

bugzilla.mozilla.org/show_bug.cgi?id=472950

bugzilla.mozilla.org/show_bug.cgi?id=491134

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10906

www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.html

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

High

0.903 High

EPSS

Percentile

98.8%

JSON

Related for NVD:CVE-2009-2462

cve1 veracode1 checkpoint_advisories1 prion1 cvelist1 ubuntucve1 nessus29 openvas43 redhat4 centos4 oraclelinux3 mozilla1 securityvulns2 ubuntu1 debian1 fedora18 osv1 suse2 seebug1 gentoo1