CVE-2009-1313

high

Description

The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.

References

http://secunia.com/advisories/34851

http://secunia.com/advisories/34866

http://secunia.com/advisories/34910

http://secunia.com/advisories/34919

http://securitytracker.com/id?1022126

http://securitytracker.com/id?1022127

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.350967

http://www.mandriva.com/security/advisories?name=MDVSA-2009:111

http://www.mozilla.org/security/announce/2009/mfsa2009-23.html

http://www.securityfocus.com/bid/34743

http://www.ubuntu.com/usn/USN-765-1

http://www.vupen.com/english/advisories/2009/1180

https://bugzilla.mozilla.org/show_bug.cgi?id=489647

https://bugzilla.mozilla.org/show_bug.cgi?id=489676

https://bugzilla.mozilla.org/show_bug.cgi?id=490233

https://bugzilla.redhat.com/show_bug.cgi?id=497447

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10446

https://rhn.redhat.com/errata/RHSA-2009-0449.html

Details

Source: MITRE

Published: 2009-04-30

Updated: 2017-09-29

Type: CWE-399

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*

Tenable Plugins


ID | Name | Product | Family | Severity
67850 | Oracle Linux 4 / 5 : firefox (ELSA-2009-0449) | Nessus | Oracle Linux Local Security Checks | high
63402 | GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical
43745 | CentOS 4 / 5 : firefox (CESA-2009:0449) | Nessus | CentOS Local Security Checks | high
41355 | SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 859) | Nessus | SuSE Local Security Checks | high
40173 | openSUSE Security Update : MozillaFirefox (MozillaFirefox-860) | Nessus | SuSE Local Security Checks | high
39890 | openSUSE Security Update : MozillaFirefox (MozillaFirefox-860) | Nessus | SuSE Local Security Checks | high
38853 | Mandriva Linux Security Advisory : firefox (MDVSA-2009:111-1) | Nessus | Mandriva Local Security Checks | high
38205 | Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-765-1) | Nessus | Ubuntu Local Security Checks | high
38201 | Slackware 12.2 / current : mozilla-firefox (SSA:2009-118-01) | Nessus | Slackware Local Security Checks | high
38200 | Firefox < 3.0.10 Multiple Vulnerabilities | Nessus | Windows | high
38193 | RHEL 4 / 5 : firefox (RHSA-2009:0449) | Nessus | Red Hat Local Security Checks | high
38189 | Fedora 10 : Miro-2.0.3-4.fc10 / blam-1.8.5-10.fc10 / devhelp-0.22-8.fc10 / epiphany-2.24.3-6.fc10 / etc (2009-4083) | Nessus | Fedora Local Security Checks | high
38188 | Fedora 9 : Miro-2.0.3-4.fc9 / blam-1.8.5-9.fc9.1 / chmsee-1.0.1-12.fc9 / devhelp-0.19.1-12.fc9 / etc (2009-4078) | Nessus | Fedora Local Security Checks | high
5008 | Mozilla Firefox 3.0.9 Memory Corruption | Nessus Network Monitor | Web Clients | medium
800744 | Firefox 3.0.9 Memory Corruption | Log Correlation Engine | Web Clients | high