Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2009-2535
HistoryJul 20, 2009 - 12:00 a.m.

CVE-2009-2535

2009-07-2000:00:00
ubuntu.com
ubuntu.com
8

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.034 Low

EPSS

Percentile

91.3%

JSON

Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and
Thunderbird allow remote attackers to cause a denial of service (memory
consumption and application crash) via a large integer value for the length
property of a Select object, a related issue to CVE-2009-1692.

Bugs

Notes

Author Note
mdeslaur PoC: http://www.milw0rm.com/exploits/9160 It appears this was fixed in Firefox 3.0.5 and 2.0.0.19
jdstrand CVEs in Firefox are tracked in the xulrunner source packages. The mapping of xulrunner sources to firefox is: xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS xulrunner-1.9: firefox-3.0 xulrunner-1.9.1: firefox-3.5 Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not the system xulrunner-1.9.2, so it is tracked in the firefox source package.
OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchseamonkey< 1.1.17+nobinonly-0ubuntu0.8.04.1UNKNOWN
ubuntu9.04noarchseamonkey< 1.1.17+nobinonly-0ubuntu0.9.04.1UNKNOWN
ubuntu9.10noarchseamonkey< 1.1.17+nobinonly-0ubuntu1UNKNOWN
ubuntu9.04noarchxulrunner-1.9.1< 1.9.1.3+build1+nobinonly-0ubuntu0.9.04.2UNKNOWN

Related

cve 10
openvas 23
prion 10
securityvulns 2
debiancve 1
ubuntucve 2
seebug 1
packetstorm 1
exploitpack 1
exploitdb 1
nessus 9
debian 1
osv 1
gentoo 1
cve
cve
CVE-2009-2535
2009-07-20 18:30:00
CVE-2009-1692
2009-06-19 16:30:00
CVE-2009-2540
2009-07-20 18:30:00
openvas
openvas
Mozilla Products 'select()' Denial Of Service Vulnerability - Windows
2009-07-22 00:00:00
Mozilla Products 'select()' Denial Of Service Vulnerability (Windows)
2009-07-22 00:00:00
Mozilla Products 'select()' Denial Of Service Vulnerability (Linux)
2009-07-22 00:00:00
prion
prion
Design/Logic Flaw
2009-07-20 18:30:00
Code injection
2009-06-19 16:30:00
Design/Logic Flaw
2009-07-20 18:30:00
securityvulns
securityvulns
[GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....
2009-07-16 00:00:00
Multiple browsers DoS
2009-07-21 00:00:00
debiancve
debiancve
CVE-2009-1692
2009-06-19 16:30:00
ubuntucve
ubuntucve
CVE-2009-1692
2009-06-19 00:00:00
CVE-2009-2537
2009-07-20 00:00:00
seebug
seebug
Multiple Web Browsers Denial of Service Exploit (1 bug to rule them all)
2009-07-15 00:00:00
packetstorm
packetstorm
ECMAScript Denial Of Service
2009-07-17 00:00:00
exploitpack
exploitpack
Multiple Browsers - Denial of Service
2009-07-15 00:00:00
exploitdb
exploitdb
Multiple Browsers - Denial of Service
2009-07-15 00:00:00
nessus
nessus
Google Chrome < 2.0.172.37 Multiple Vulnerabilities
2009-07-17 00:00:00
Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2010:028)
2010-07-30 00:00:00
Firefox < 2.0.0.19 / 3.0.5 Multiple Vulnerabilities
2008-12-17 00:00:00
debian
debian
[SECURITY] [DSA-1950-1] New webkit packages fix several vulnerabilities
2009-12-12 10:10:15
osv
osv
webkit - several vulnerabilities
2009-12-12 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.034 Low

EPSS

Percentile

91.3%

JSON
Related for UB:CVE-2009-2535
cve10openvas23prion10securityvulns2debiancve1ubuntucve2seebug1packetstorm1exploitpack1exploitdb1nessus9debian1osv1gentoo1