Lucene search

K
ubuntucveUbuntu.comUB:CVE-2009-2463
HistoryJul 22, 2009 - 12:00 a.m.

CVE-2009-2463

2009-07-2200:00:00
ubuntu.com
ubuntu.com
16

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.083 Low

EPSS

Percentile

94.2%

Multiple integer overflows in the (1) PL_Base64Decode and (2)
PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla
Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before
1.1.19 allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code via
unspecified vectors that trigger buffer overflows.

Notes

Author Note
jdstrand CVEs in Firefox are tracked in the xulrunner source packages. The mapping of xulrunner sources to firefox is: xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS xulrunner-1.9: firefox-3.0 xulrunner-1.9.1: firefox-3.5 Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not the system xulrunner-1.9.2, so it is tracked in the firefox source package.
OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchthunderbird< 2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1UNKNOWN
ubuntu8.10noarchthunderbird< 2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1UNKNOWN
ubuntu9.04noarchthunderbird< 2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1UNKNOWN
ubuntu9.10noarchthunderbird< 2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1UNKNOWN
ubuntu8.04noarchxulrunner-1.9< 1.9.0.12+build1+nobinonly-0ubuntu0.8.04.1UNKNOWN
ubuntu8.10noarchxulrunner-1.9< 1.9.0.12+build1+nobinonly-0ubuntu0.8.10.2UNKNOWN
ubuntu9.04noarchxulrunner-1.9< 1.9.0.12+build1+nobinonly-0ubuntu0.9.04.1UNKNOWN
ubuntu9.04noarchxulrunner-1.9.1< 1.9.1.1+build1+nobinonly-0ubuntu0.9.04.1UNKNOWN
ubuntu9.10noarchxulrunner-1.9.1< 1.9.1.1+build1+nobinonly-0ubuntu1UNKNOWN

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.083 Low

EPSS

Percentile

94.2%