CVE-2009-3072

critical

Description

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors.

References

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

https://bugzilla.mozilla.org/show_bug.cgi?id=494283

https://bugzilla.mozilla.org/show_bug.cgi?id=501900

https://bugzilla.mozilla.org/show_bug.cgi?id=508074

http://secunia.com/advisories/36669

http://secunia.com/advisories/36670

http://secunia.com/advisories/36671

http://secunia.com/advisories/36692

http://secunia.com/advisories/37098

http://secunia.com/advisories/38977

http://secunia.com/advisories/39001

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10349

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6315

http://www.debian.org/security/2009/dsa-1885

http://www.mozilla.org/security/announce/2009/mfsa2009-47.html

http://www.mozilla.org/security/announce/2010/mfsa2010-07.html

http://www.novell.com/linux/security/advisories/2009_48_firefox.html

http://www.redhat.com/support/errata/RHSA-2009-1430.html

http://www.redhat.com/support/errata/RHSA-2009-1431.html

http://www.redhat.com/support/errata/RHSA-2009-1432.html

http://www.redhat.com/support/errata/RHSA-2010-0153.html

http://www.redhat.com/support/errata/RHSA-2010-0154.html

http://www.ubuntu.com/usn/USN-915-1

http://www.vupen.com/english/advisories/2010/0648

http://www.vupen.com/english/advisories/2010/0650

Details

Source: Mitre, NVD

Published: 2009-09-10

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical