CVE-2009-3371

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1

http://www.mandriva.com/security/advisories?name=MDVSA-2009:294

http://www.mozilla.org/security/announce/2009/mfsa2009-54.html

http://www.vupen.com/english/advisories/2009/3334

https://bugzilla.mozilla.org/show_bug.cgi?id=514554

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6464

Details

Source: MITRE

Published: 2009-10-29

Updated: 2017-09-19

Type: CWE-399

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (18 total)

IDNameProductFamilySeverity
67948Oracle Linux 4 / 5 : firefox (ELSA-2009-1530)NessusOracle Linux Local Security Checks
critical
63402GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)NessusGentoo Local Security Checks
critical
49897SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6617)NessusSuSE Local Security Checks
critical
49887SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6609)NessusSuSE Local Security Checks
critical
48157Mandriva Linux Security Advisory : firefox (MDVSA-2009:294)NessusMandriva Local Security Checks
critical
42474Ubuntu 9.10 : firefox-3.5, xulrunner-1.9.1 regression (USN-853-2)NessusUbuntu Local Security Checks
critical
42391openSUSE Security Update : MozillaFirefox (MozillaFirefox-1499)NessusSuSE Local Security Checks
critical
42388openSUSE Security Update : MozillaFirefox (MozillaFirefox-1499)NessusSuSE Local Security Checks
critical
42366SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6616)NessusSuSE Local Security Checks
critical
42365SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6606)NessusSuSE Local Security Checks
critical
42364SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 1493)NessusSuSE Local Security Checks
critical
42363SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 1488)NessusSuSE Local Security Checks
critical
42335Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : firefox-3.0, firefox-3.5, xulrunner-1.9, xulrunner-1.9.1 vulnerabilities (USN-853-1)NessusUbuntu Local Security Checks
critical
42306Firefox 3.5.x < 3.5.4 Multiple VulnerabilitiesNessusWindows
high
42298FreeBSD : mozilla -- multiple vulnerabilities (c87aa2d2-c3c4-11de-ab08-000f20797ede)NessusFreeBSD Local Security Checks
critical
42295CentOS 4 : firefox (CESA-2009:1530)NessusCentOS Local Security Checks
critical
5218Mozilla Firefox < 3.0.15 / 3.5.4 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
42287RHEL 4 / 5 : firefox (RHSA-2009:1530)NessusRed Hat Local Security Checks
critical