CVE-2009-1392

HIGH

Description

The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors.

ID	Name	Product	Family	Severity
67881	Oracle Linux 4 : thunderbird (ELSA-2009-1125)	Nessus	Oracle Linux Local Security Checks	high
67870	Oracle Linux 3 / 4 : seamonkey (ELSA-2009-1096)	Nessus	Oracle Linux Local Security Checks	high
67869	Oracle Linux 4 / 5 : firefox (ELSA-2009-1095)	Nessus	Oracle Linux Local Security Checks	high
63881	RHEL 5 : thunderbird (RHSA-2009:1126)	Nessus	Red Hat Local Security Checks	high
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
60608	Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
60594	Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
60593	Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
44695	Debian DSA-1830-1 : icedove - several vulnerabilities	Nessus	Debian Local Security Checks	critical
43762	CentOS 5 : thunderbird (CESA-2009:1126)	Nessus	CentOS Local Security Checks	high
43755	CentOS 5 : firefox (CESA-2009:1095)	Nessus	CentOS Local Security Checks	high
42327	openSUSE 10 Security Update : seamonkey (seamonkey-6538)	Nessus	SuSE Local Security Checks	high
42206	openSUSE Security Update : seamonkey (seamonkey-1364)	Nessus	SuSE Local Security Checks	high
42202	openSUSE Security Update : seamonkey (seamonkey-1364)	Nessus	SuSE Local Security Checks	high
42048	SuSE9 Security Update : epiphany (YOU Patch Number 12519)	Nessus	SuSE Local Security Checks	high
41985	openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-6347)	Nessus	SuSE Local Security Checks	high
41356	SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 1001)	Nessus	SuSE Local Security Checks	high
40176	openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-1091)	Nessus	SuSE Local Security Checks	high
40174	openSUSE Security Update : MozillaFirefox (MozillaFirefox-1000)	Nessus	SuSE Local Security Checks	high
39896	openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-1091)	Nessus	SuSE Local Security Checks	high
39891	openSUSE Security Update : MozillaFirefox (MozillaFirefox-1000)	Nessus	SuSE Local Security Checks	high
39581	Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2009:141)	Nessus	Mandriva Local Security Checks	high
39560	Slackware 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / current : mozilla-thunderbird (SSA:2009-178-01)	Nessus	Slackware Local Security Checks	high
39533	Ubuntu 8.04 LTS / 8.10 / 9.04 : thunderbird vulnerabilities (USN-782-1)	Nessus	Ubuntu Local Security Checks	high
39528	RHEL 4 : thunderbird (RHSA-2009:1125)	Nessus	Red Hat Local Security Checks	high
39522	Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : seamonkey (SSA:2009-176-01)	Nessus	Slackware Local Security Checks	high
39494	SeaMonkey < 1.1.17 Multiple Vulnerabilities	Nessus	Windows	high
39493	Mozilla Thunderbird < 2.0.0.22 Multiple Vulnerabilities	Nessus	Windows	high
39452	Debian DSA-1820-1 : xulrunner - several vulnerabilities	Nessus	Debian Local Security Checks	high
39443	Mandriva Linux Security Advisory : firefox (MDVSA-2009:134)	Nessus	Mandriva Local Security Checks	high
39421	Slackware 12.2 / current : mozilla-firefox (SSA:2009-167-01)	Nessus	Slackware Local Security Checks	high
39406	Fedora 9 : Miro-2.0.3-5.fc9 / blam-1.8.5-10.fc9.1 / chmsee-1.0.1-13.fc9 / devhelp-0.19.1-13.fc9 / etc (2009-6411)	Nessus	Fedora Local Security Checks	high
39403	Fedora 10 : Miro-2.0.3-5.fc10 / blam-1.8.5-11.fc10 / devhelp-0.22-9.fc10 / epiphany-2.24.3-7.fc10 / etc (2009-6366)	Nessus	Fedora Local Security Checks	high
39390	Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-779-1)	Nessus	Ubuntu Local Security Checks	high
39376	FreeBSD : mozilla -- multiple vulnerabilities (da185955-5738-11de-b857-000f20797ede)	Nessus	FreeBSD Local Security Checks	high
39373	CentOS 3 : seamonkey (CESA-2009:1096)	Nessus	CentOS Local Security Checks	high
39372	Firefox < 3.0.11 Multiple Vulnerabilities	Nessus	Windows	high
39370	RHEL 3 / 4 : seamonkey (RHSA-2009:1096)	Nessus	Red Hat Local Security Checks	high
39369	RHEL 4 / 5 : firefox (RHSA-2009:1095)	Nessus	Red Hat Local Security Checks	high
5084	SeaMonkey < 1.1.17 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
5072	Mozilla Firefox < 3.0.11 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
5001	Mozilla Thunderbird < 2.0.0.22 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	medium
801255	Mozilla SeaMonkey < 1.1.17 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801249	Mozilla Thunderbird < 2.0.0.21 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
800755	Firefox < 3.0.11 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high

CVE-2009-1392

Description

References

Details

Risk Information

CVSS v2.0