CVE-2009-3072

HIGH

Description

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors.

References

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

http://secunia.com/advisories/36669

http://secunia.com/advisories/36670

http://secunia.com/advisories/36671

http://secunia.com/advisories/36692

http://secunia.com/advisories/37098

http://secunia.com/advisories/38977

http://secunia.com/advisories/39001

http://www.debian.org/security/2009/dsa-1885

http://www.mozilla.org/security/announce/2009/mfsa2009-47.html

http://www.mozilla.org/security/announce/2010/mfsa2010-07.html

http://www.novell.com/linux/security/advisories/2009_48_firefox.html

http://www.redhat.com/support/errata/RHSA-2009-1430.html

http://www.redhat.com/support/errata/RHSA-2009-1431.html

http://www.redhat.com/support/errata/RHSA-2009-1432.html

http://www.redhat.com/support/errata/RHSA-2010-0153.html

http://www.redhat.com/support/errata/RHSA-2010-0154.html

http://www.securityfocus.com/bid/36343

http://www.ubuntu.com/usn/USN-915-1

http://www.vupen.com/english/advisories/2010/0648

http://www.vupen.com/english/advisories/2010/0650

https://bugzilla.mozilla.org/show_bug.cgi?id=494283

https://bugzilla.mozilla.org/show_bug.cgi?id=501900

https://bugzilla.mozilla.org/show_bug.cgi?id=508074

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10349

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6315

Details

Source: MITRE

Published: 2009-09-10

Updated: 2017-09-19

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9_rc:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.21:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0_.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0_.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0_.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0_.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0_.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0_.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0_.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0_8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 3.0.13 (inclusive)

Configuration 2

OR

cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*

Tenable Plugins

View all (47 total)

IDNameProductFamilySeverity
68015Oracle Linux 4 : thunderbird (ELSA-2010-0154)NessusOracle Linux Local Security Checks
critical
67924Oracle Linux 3 : seamonkey (ELSA-2009-1432)NessusOracle Linux Local Security Checks
critical
67923Oracle Linux 4 : seamonkey (ELSA-2009-1431)NessusOracle Linux Local Security Checks
critical
67922Oracle Linux 4 / 5 : firefox (ELSA-2009-1430)NessusOracle Linux Local Security Checks
critical
63923RHEL 5 : thunderbird (RHSA-2010:0153)NessusRed Hat Local Security Checks
critical
63402GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)NessusGentoo Local Security Checks
critical
60750Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
60665Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64NessusScientific Linux Local Security Checks
critical
60664Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
52687SuSE 11 Security Update : Mozilla (SAT Patch Number 1328)NessusSuSE Local Security Checks
critical
49852SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6563)NessusSuSE Local Security Checks
critical
46687openSUSE Security Update : seamonkey (openSUSE-SU-2010:0273-1)NessusSuSE Local Security Checks
critical
46686openSUSE Security Update : seamonkey (openSUSE-SU-2010:0273-1)NessusSuSE Local Security Checks
critical
46685SuSE9 Security Update : epiphany (YOU Patch Number 12616)NessusSuSE Local Security Checks
critical
46271RHEL 4 : thunderbird (RHSA-2010:0154)NessusRed Hat Local Security Checks
critical
45521Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:071)NessusMandriva Local Security Checks
critical
45397Debian DSA-2025-1 : icedove - several vulnerabilitiesNessusDebian Local Security Checks
critical
45376openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-2189)NessusSuSE Local Security Checks
critical
45375openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-2189)NessusSuSE Local Security Checks
critical
45361CentOS 5 : thunderbird (CESA-2010:0153)NessusCentOS Local Security Checks
critical
45114FreeBSD : mozilla -- multiple vulnerabilities (56cfe192-329f-11df-abb2-000f20797ede)NessusFreeBSD Local Security Checks
critical
5480Mozilla Thunderbird < 2.0.0.24 Multiple VulnerabilitiesNessus Network MonitorSMTP Clients
medium
45110Mozilla Thunderbird < 2.0.0.24 Multiple VulnerabilitiesNessusWindows
high
45108Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : thunderbird vulnerabilities (USN-915-1)NessusUbuntu Local Security Checks
critical
45093CentOS 4 : thunderbird (CESA-2010:0154)NessusCentOS Local Security Checks
critical
44934SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6562)NessusSuSE Local Security Checks
critical
44750Debian DSA-1885-1 : xulrunner - several vulnerabilitiesNessusDebian Local Security Checks
critical
42189SuSE Security Update: Security update for Mozilla Firefox (firefox35upgrade-6562)NessusSuSE Local Security Checks
critical
41984openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-6495)NessusSuSE Local Security Checks
critical
41957SuSE 11 Security Update : Mozilla (SAT Patch Number 1328)NessusSuSE Local Security Checks
critical
41955SuSE 11 Security Update : Firefox (SAT Patch Number 1340)NessusSuSE Local Security Checks
critical
41039openSUSE Security Update : MozillaFirefox (MozillaFirefox-1312)NessusSuSE Local Security Checks
critical
41033openSUSE Security Update : MozillaFirefox (MozillaFirefox-1312)NessusSuSE Local Security Checks
critical
41027Mandriva Linux Security Advisory : firefox (MDVSA-2009:236)NessusMandriva Local Security Checks
critical
40956Fedora 11 : Miro-2.5.2-4.fc11 / blam-1.8.5-14.fc11 / chmsee-1.0.1-11.fc11 / eclipse-3.4.2-15.fc11 / etc (2009-9505)NessusFedora Local Security Checks
critical
40955Fedora 10 : Miro-2.0.5-4.fc10 / blam-1.8.5-14.fc10 / epiphany-2.24.3-10.fc10 / etc (2009-9494)NessusFedora Local Security Checks
critical
40943Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-821-1)NessusUbuntu Local Security Checks
critical
40935FreeBSD : mozilla firefox -- multiple vulnerabilities (922d2398-9e2d-11de-a998-0030843d3802)NessusFreeBSD Local Security Checks
critical
40934CentOS 3 : seamonkey (CESA-2009:1432)NessusCentOS Local Security Checks
critical
40933CentOS 4 : seamonkey (CESA-2009:1431)NessusCentOS Local Security Checks
critical
40932CentOS 4 / 5 : firefox / seamonkey (CESA-2009:1430)NessusCentOS Local Security Checks
critical
5161Mozilla Firefox < 3.0.14 / 3.5.3 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
40931Firefox 3.5.x < 3.5.3 Multiple VulnerabilitiesNessusWindows
high
40930Firefox < 3.0.14 Multiple VulnerabilitiesNessusWindows
high
40923RHEL 3 : seamonkey (RHSA-2009:1432)NessusRed Hat Local Security Checks
critical
40922RHEL 4 : seamonkey (RHSA-2009:1431)NessusRed Hat Local Security Checks
critical
40921RHEL 4 / 5 : firefox (RHSA-2009:1430)NessusRed Hat Local Security Checks
critical