CVE-2009-0352

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and destruction of arbitrary layout objects by the nsViewManager::Composite function.

References

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html

http://rhn.redhat.com/errata/RHSA-2009-0256.html

http://secunia.com/advisories/33799

http://secunia.com/advisories/33802

http://secunia.com/advisories/33808

http://secunia.com/advisories/33809

http://secunia.com/advisories/33816

http://secunia.com/advisories/33831

http://secunia.com/advisories/33841

http://secunia.com/advisories/33846

http://secunia.com/advisories/33869

http://secunia.com/advisories/34324

http://secunia.com/advisories/34387

http://secunia.com/advisories/34417

http://secunia.com/advisories/34462

http://secunia.com/advisories/34464

http://secunia.com/advisories/34527

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952

http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm

http://www.debian.org/security/2009/dsa-1830

http://www.mandriva.com/security/advisories?name=MDVSA-2009:044

http://www.mandriva.com/security/advisories?name=MDVSA-2009:083

http://www.mozilla.org/security/announce/2009/mfsa2009-01.html

http://www.redhat.com/support/errata/RHSA-2009-0257.html

http://www.redhat.com/support/errata/RHSA-2009-0258.html

http://www.securityfocus.com/bid/33598

http://www.securitytracker.com/id?1021663

http://www.ubuntu.com/usn/usn-717-1

http://www.vupen.com/english/advisories/2009/0313

https://bugzilla.mozilla.org/show_bug.cgi?id=331088

https://bugzilla.mozilla.org/show_bug.cgi?id=401042

https://bugzilla.mozilla.org/show_bug.cgi?id=416461

https://bugzilla.mozilla.org/show_bug.cgi?id=420697

https://bugzilla.mozilla.org/show_bug.cgi?id=421839

https://bugzilla.mozilla.org/show_bug.cgi?id=422283

https://bugzilla.mozilla.org/show_bug.cgi?id=422301

https://bugzilla.mozilla.org/show_bug.cgi?id=431705

https://bugzilla.mozilla.org/show_bug.cgi?id=437142

https://bugzilla.mozilla.org/show_bug.cgi?id=449006

https://bugzilla.mozilla.org/show_bug.cgi?id=461027

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10699

https://usn.ubuntu.com/741-1/

https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html

Details

Source: MITRE

Published: 2009-02-04

Updated: 2018-10-03

Type: CWE-399

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* versions up to 1.1.13 (inclusive)

cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.18:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* versions up to 2.0.0.19 (inclusive)

Tenable Plugins

View all (43 total)

IDNameProductFamilySeverity
67797Oracle Linux 4 : thunderbird (ELSA-2009-0258)NessusOracle Linux Local Security Checks
critical
67796Oracle Linux 3 / 4 : seamonkey (ELSA-2009-0257)NessusOracle Linux Local Security Checks
critical
67795Oracle Linux 4 / 5 : firefox (ELSA-2009-0256)NessusOracle Linux Local Security Checks
critical
63402GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)NessusGentoo Local Security Checks
critical
60553Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
60528Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64NessusScientific Linux Local Security Checks
critical
60527Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
44695Debian DSA-1830-1 : icedove - several vulnerabilitiesNessusDebian Local Security Checks
critical
41467SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 6187)NessusSuSE Local Security Checks
critical
40309openSUSE Security Update : seamonkey (seamonkey-1014)NessusSuSE Local Security Checks
critical
40169openSUSE Security Update : MozillaFirefox (MozillaFirefox-509)NessusSuSE Local Security Checks
critical
40133openSUSE Security Update : seamonkey (seamonkey-1014)NessusSuSE Local Security Checks
critical
39886openSUSE Security Update : MozillaFirefox (MozillaFirefox-509)NessusSuSE Local Security Checks
critical
39462openSUSE 10 Security Update : seamonkey (seamonkey-6310)NessusSuSE Local Security Checks
critical
38891CentOS 4 / 5 : thunderbird (CESA-2009:0258)NessusCentOS Local Security Checks
critical
37911Fedora 10 : seamonkey-1.1.15-3.fc10 (2009-3161)NessusFedora Local Security Checks
critical
37673Mandriva Linux Security Advisory : firefox (MDVSA-2009:044)NessusMandriva Local Security Checks
critical
37378Fedora 10 : Miro-1.2.8-2.fc10 / blam-1.8.5-6.fc10 / devhelp-0.22-3.fc10 / epiphany-2.24.3-2.fc10 / etc (2009-1398)NessusFedora Local Security Checks
critical
37220Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : mozilla-thunderbird, thunderbird vulnerabilities (USN-741-1)NessusUbuntu Local Security Checks
critical
37217Ubuntu 8.04 LTS / 8.10 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-717-1)NessusUbuntu Local Security Checks
critical
36827Fedora 10 : thunderbird-2.0.0.21-1.fc10 (2009-2882)NessusFedora Local Security Checks
critical
36318Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2009:083)NessusMandriva Local Security Checks
critical
36199openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-6194)NessusSuSE Local Security Checks
critical
36054Fedora 9 : seamonkey-1.1.15-3.fc9 (2009-3101)NessusFedora Local Security Checks
critical
36014RHEL 4 / 5 : thunderbird (RHSA-2009:0258)NessusRed Hat Local Security Checks
critical
36011Slackware 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / current : mozilla-thunderbird (SSA:2009-083-03)NessusSlackware Local Security Checks
critical
36010Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : seamonkey (SSA:2009-083-02)NessusSlackware Local Security Checks
critical
4965SeaMonkey < 1.1.15 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
4964Mozilla Thunderbird < 2.0.0.21 Multiple VulnerabilitiesNessus Network MonitorSMTP Clients
medium
35984Fedora 9 : thunderbird-2.0.0.21-1.fc9 (2009-2884)NessusFedora Local Security Checks
critical
35978SeaMonkey < 1.1.15 Multiple VulnerabilitiesNessusWindows
high
35977Mozilla Thunderbird < 2.0.0.21 Multiple VulnerabilitiesNessusWindows
high
35640FreeBSD : firefox -- multiple vulnerabilities (8b491182-f842-11dd-94d9-0030843d3802)NessusFreeBSD Local Security Checks
critical
35604Fedora 9 : Miro-1.2.7-4.fc9 / blam-1.8.5-5.fc9.1 / cairo-dock-1.6.3.1-1.fc9.3 / chmsee-1.0.1-8.fc9 / etc (2009-1399)NessusFedora Local Security Checks
critical
35591CentOS 3 / 4 : seamonkey (CESA-2009:0257)NessusCentOS Local Security Checks
critical
35590CentOS 4 / 5 : firefox (CESA-2009:0256)NessusCentOS Local Security Checks
critical
4922Mozilla Firefox 3.x < 3.0.6 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
35586RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2009:0257)NessusRed Hat Local Security Checks
critical
35585RHEL 4 / 5 : firefox (RHSA-2009:0256)NessusRed Hat Local Security Checks
critical
35581Firefox 3.0.x < 3.0.6 Multiple VulnerabilitiesNessusWindows
high
801212Mozilla Thunderbird < 2.0.0.21 Multiple VulnerabilitiesLog Correlation EngineSMTP Clients
high
800869SeaMonkey < 1.1.15 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
800752Firefox < 3.0.6 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high