CVE-2009-0772

high

Description

The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.

References

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html

http://secunia.com/advisories/34137

http://secunia.com/advisories/34140

http://secunia.com/advisories/34145

http://secunia.com/advisories/34272

http://secunia.com/advisories/34324

http://secunia.com/advisories/34383

http://secunia.com/advisories/34387

http://secunia.com/advisories/34417

http://secunia.com/advisories/34462

http://secunia.com/advisories/34464

http://secunia.com/advisories/34527

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952

http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm

http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document

http://www.debian.org/security/2009/dsa-1751

http://www.debian.org/security/2009/dsa-1830

http://www.mandriva.com/security/advisories?name=MDVSA-2009:075

http://www.mandriva.com/security/advisories?name=MDVSA-2009:083

http://www.mozilla.org/security/announce/2009/mfsa2009-07.html

http://www.redhat.com/support/errata/RHSA-2009-0258.html

http://www.redhat.com/support/errata/RHSA-2009-0315.html

http://www.redhat.com/support/errata/RHSA-2009-0325.html

http://www.securityfocus.com/bid/33990

http://www.securitytracker.com/id?1021795

http://www.vupen.com/english/advisories/2009/0632

https://bugzilla.mozilla.org/show_bug.cgi?id=475136

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5703

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5945

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6097

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6811

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9609

https://usn.ubuntu.com/741-1/

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html

Details

Source: MITRE

Published: 2009-03-05

Updated: 2018-10-03

Type: CWE-399

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 3.0.6 (inclusive)

cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* versions up to 1.1.14 (inclusive)

cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.18:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.19:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* versions up to 2.0.0.20 (inclusive)

Tenable Plugins

View all (45 total)

ID | Name | Product | Family | Severity
67811 | Oracle Linux 3 / 4 : seamonkey (ELSA-2009-0325) | Nessus | Oracle Linux Local Security Checks | critical
67810 | Oracle Linux 4 / 5 : firefox (ELSA-2009-0315) | Nessus | Oracle Linux Local Security Checks | critical
67797 | Oracle Linux 4 : thunderbird (ELSA-2009-0258) | Nessus | Oracle Linux Local Security Checks | critical
65116 | Ubuntu 6.06 LTS : firefox vulnerabilities (USN-728-3) | Nessus | Ubuntu Local Security Checks | high
65115 | Ubuntu 7.10 : firefox vulnerabilities (USN-728-2) | Nessus | Ubuntu Local Security Checks | high
63402 | GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical
60553 | Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical
60540 | Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical
60538 | Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical
44695 | Debian DSA-1830-1 : icedove - several vulnerabilities | Nessus | Debian Local Security Checks | critical
41467 | SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 6187) | Nessus | SuSE Local Security Checks | critical
41352 | SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 656) | Nessus | SuSE Local Security Checks | critical
40309 | openSUSE Security Update : seamonkey (seamonkey-1014) | Nessus | SuSE Local Security Checks | critical
40170 | openSUSE Security Update : MozillaFirefox (MozillaFirefox-591) | Nessus | SuSE Local Security Checks | critical
40133 | openSUSE Security Update : seamonkey (seamonkey-1014) | Nessus | SuSE Local Security Checks | critical
39887 | openSUSE Security Update : MozillaFirefox (MozillaFirefox-591) | Nessus | SuSE Local Security Checks | critical
39462 | openSUSE 10 Security Update : seamonkey (seamonkey-6310) | Nessus | SuSE Local Security Checks | critical
38891 | CentOS 4 / 5 : thunderbird (CESA-2009:0258) | Nessus | CentOS Local Security Checks | critical
38036 | Ubuntu 8.04 LTS / 8.10 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-728-1) | Nessus | Ubuntu Local Security Checks | critical
37911 | Fedora 10 : seamonkey-1.1.15-3.fc10 (2009-3161) | Nessus | Fedora Local Security Checks | critical
37610 | Mandriva Linux Security Advisory : firefox (MDVSA-2009:075) | Nessus | Mandriva Local Security Checks | critical
37220 | Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : mozilla-thunderbird, thunderbird vulnerabilities (USN-741-1) | Nessus | Ubuntu Local Security Checks | critical
36866 | Fedora 10 : Miro-2.0-4.fc10 / blam-1.8.5-7.fc10 / devhelp-0.22-5.fc10 / epiphany-2.24.3-3.fc10 / etc (2009-2422) | Nessus | Fedora Local Security Checks | critical
36827 | Fedora 10 : thunderbird-2.0.0.21-1.fc10 (2009-2882) | Nessus | Fedora Local Security Checks | critical
36318 | Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2009:083) | Nessus | Mandriva Local Security Checks | critical
36199 | openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-6194) | Nessus | SuSE Local Security Checks | critical
36054 | Fedora 9 : seamonkey-1.1.15-3.fc9 (2009-3101) | Nessus | Fedora Local Security Checks | critical
36014 | RHEL 4 / 5 : thunderbird (RHSA-2009:0258) | Nessus | Red Hat Local Security Checks | critical
36011 | Slackware 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / current : mozilla-thunderbird (SSA:2009-083-03) | Nessus | Slackware Local Security Checks | critical
36010 | Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : seamonkey (SSA:2009-083-02) | Nessus | Slackware Local Security Checks | critical
4965 | SeaMonkey < 1.1.15 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium
4964 | Mozilla Thunderbird < 2.0.0.21 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | medium
35989 | Debian DSA-1751-1 : xulrunner - several vulnerabilities | Nessus | Debian Local Security Checks | critical
35984 | Fedora 9 : thunderbird-2.0.0.21-1.fc9 (2009-2884) | Nessus | Fedora Local Security Checks | critical
35978 | SeaMonkey < 1.1.15 Multiple Vulnerabilities | Nessus | Windows | high
35977 | Mozilla Thunderbird < 2.0.0.21 Multiple Vulnerabilities | Nessus | Windows | high
35802 | Fedora 9 : Miro-1.2.7-5.fc9 / blam-1.8.5-6.fc9.1 / chmsee-1.0.1-9.fc9 / devhelp-0.19.1-9.fc9 / etc (2009-2421) | Nessus | Fedora Local Security Checks | critical
35789 | CentOS 4 / 5 : firefox (CESA-2009:0315) | Nessus | CentOS Local Security Checks | critical
35780 | CentOS 3 / 4 : seamonkey (CESA-2009:0325) | Nessus | CentOS Local Security Checks | critical
4950 | Mozilla Firefox < 3.0.7 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium
35778 | Firefox 3.0.x < 3.0.7 Multiple Vulnerabilities | Nessus | Windows | high
35774 | RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2009:0325) | Nessus | Red Hat Local Security Checks | critical
35773 | RHEL 4 / 5 : firefox (RHSA-2009:0315) | Nessus | Red Hat Local Security Checks | critical
801212 | Mozilla Thunderbird < 2.0.0.21 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high
800869 | SeaMonkey < 1.1.15 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high