CVE-2009-2462

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion and nsCSSFrameConstructor::CreateFloatingLetterFrame, (3) nsCSSFrameConstructor::ConstructFrame, (4) the child list and initial reflow, (5) GetLastSpecialSibling, (6) nsFrameManager::GetPrimaryFrameFor and MathML, (7) nsFrame::GetBoxAscent, (8) nsCSSFrameConstructor::AdjustParentFrame, (9) nsDOMOfflineResourceList, and (10) nsContentUtils::ComparePosition.

References

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html

http://rhn.redhat.com/errata/RHSA-2009-1162.html

http://rhn.redhat.com/errata/RHSA-2009-1163.html

http://secunia.com/advisories/35914

http://secunia.com/advisories/35943

http://secunia.com/advisories/35944

http://secunia.com/advisories/35947

http://secunia.com/advisories/36005

http://secunia.com/advisories/36145

http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1

http://www.mozilla.org/security/announce/2009/mfsa2009-34.html

http://www.redhat.com/support/errata/RHSA-2010-0153.html

http://www.redhat.com/support/errata/RHSA-2010-0154.html

http://www.securityfocus.com/bid/35758

http://www.vupen.com/english/advisories/2009/1972

http://www.vupen.com/english/advisories/2009/2152

http://www.vupen.com/english/advisories/2010/0650

https://bugzilla.mozilla.org/show_bug.cgi?id=413085

https://bugzilla.mozilla.org/show_bug.cgi?id=442227

https://bugzilla.mozilla.org/show_bug.cgi?id=445177

https://bugzilla.mozilla.org/show_bug.cgi?id=461861

https://bugzilla.mozilla.org/show_bug.cgi?id=463350

https://bugzilla.mozilla.org/show_bug.cgi?id=466763

https://bugzilla.mozilla.org/show_bug.cgi?id=468211

https://bugzilla.mozilla.org/show_bug.cgi?id=472668

https://bugzilla.mozilla.org/show_bug.cgi?id=472950

https://bugzilla.mozilla.org/show_bug.cgi?id=491134

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10906

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.html

Details

Source: MITRE

Published: 2009-07-22

Updated: 2018-10-30

Type: CWE-399

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9_rc:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.21:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0_.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0_.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0_.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0_.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0_.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0_.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0_.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0_8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 3.0.11 (inclusive)

cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.15:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.18:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.19:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.20:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.21:*:*:*:*:*:*:*

Tenable Plugins

View all (31 total)

IDNameProductFamilySeverity
68015Oracle Linux 4 : thunderbird (ELSA-2010-0154)NessusOracle Linux Local Security Checks
critical
67894Oracle Linux 3 / 4 : seamonkey (ELSA-2009-1163)NessusOracle Linux Local Security Checks
critical
67893Oracle Linux 4 / 5 : firefox (ELSA-2009-1162)NessusOracle Linux Local Security Checks
critical
63923RHEL 5 : thunderbird (RHSA-2010:0153)NessusRed Hat Local Security Checks
critical
63402GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)NessusGentoo Local Security Checks
critical
62809Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64 (fwd)NessusScientific Linux Local Security Checks
critical
62808Scientific Linux Security Update : firefox on SL4.x i386/x86_64NessusScientific Linux Local Security Checks
critical
60750Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
60626Scientific Linux Security Update : seamonkey on SL3.0.9 i386/x86_64NessusScientific Linux Local Security Checks
critical
60620Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64 (fwd)NessusScientific Linux Local Security Checks
critical
60619Scientific Linux Security Update : firefox on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
60618Scientific Linux Security Update : firefox on SL4.x i386/x86_64NessusScientific Linux Local Security Checks
critical
46271RHEL 4 : thunderbird (RHSA-2010:0154)NessusRed Hat Local Security Checks
critical
45521Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:071)NessusMandriva Local Security Checks
critical
45361CentOS 5 : thunderbird (CESA-2010:0153)NessusCentOS Local Security Checks
critical
45093CentOS 4 : thunderbird (CESA-2010:0154)NessusCentOS Local Security Checks
critical
44705Debian DSA-1840-1 : xulrunner - several vulnerabilitiesNessusDebian Local Security Checks
critical
43769CentOS 5 : firefox (CESA-2009:1162)NessusCentOS Local Security Checks
critical
41983openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-6379)NessusSuSE Local Security Checks
critical
41357SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 1134)NessusSuSE Local Security Checks
critical
40438Mandriva Linux Security Advisory : firefox (MDVSA-2009:182)NessusMandriva Local Security Checks
critical
800767Firefox < 3.0.12 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
5101Mozilla Firefox < 3.0.12 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
40404openSUSE Security Update : MozillaFirefox (MozillaFirefox-1135)NessusSuSE Local Security Checks
critical
40403openSUSE Security Update : MozillaFirefox (MozillaFirefox-1135)NessusSuSE Local Security Checks
critical
40358Fedora 10 : Miro-2.0.5-2.fc10 / blam-1.8.5-12.fc10 / devhelp-0.22-10.fc10 / epiphany-2.24.3-8.fc10 / etc (2009-7961)NessusFedora Local Security Checks
critical
40348Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-798-1)NessusUbuntu Local Security Checks
critical
40345CentOS 3 : seamonkey (CESA-2009:1163)NessusCentOS Local Security Checks
critical
40351Firefox < 3.0.12 Multiple VulnerabilitiesNessusWindows
high
40341RHEL 3 / 4 : seamonkey (RHSA-2009:1163)NessusRed Hat Local Security Checks
critical
40340RHEL 4 / 5 : firefox (RHSA-2009:1162)NessusRed Hat Local Security Checks
critical