CVE-2009-3382

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1

http://www.mozilla.org/security/announce/2009/mfsa2009-64.html

http://www.vupen.com/english/advisories/2009/3334

https://bugzilla.mozilla.org/show_bug.cgi?id=514960

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11219

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5581

Details

Source: MITRE

Published: 2009-10-29

Updated: 2017-09-19

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (24 total)

IDNameProductFamilySeverity
89735VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0001) (remote check)NessusVMware ESX Local Security Checks
critical
67948Oracle Linux 4 / 5 : firefox (ELSA-2009-1530)NessusOracle Linux Local Security Checks
critical
63402GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)NessusGentoo Local Security Checks
critical
60683Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
49897SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6617)NessusSuSE Local Security Checks
critical
49887SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6609)NessusSuSE Local Security Checks
critical
44787Debian DSA-1922-1 : xulrunner - several vulnerabilitiesNessusDebian Local Security Checks
critical
43826VMSA-2010-0001 : ESX Service Console and vMA updates for nss and nsprNessusVMware ESX Local Security Checks
critical
42992Mandriva Linux Security Advisory : firefox (MDVSA-2009:290-1)NessusMandriva Local Security Checks
critical
42474Ubuntu 9.10 : firefox-3.5, xulrunner-1.9.1 regression (USN-853-2)NessusUbuntu Local Security Checks
critical
42391openSUSE Security Update : MozillaFirefox (MozillaFirefox-1499)NessusSuSE Local Security Checks
critical
42388openSUSE Security Update : MozillaFirefox (MozillaFirefox-1499)NessusSuSE Local Security Checks
critical
42383Fedora 10 : Miro-2.0.5-5.fc10 / blam-1.8.5-15.fc10 / epiphany-2.24.3-11.fc10 / etc (2009-10981)NessusFedora Local Security Checks
critical
42366SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6616)NessusSuSE Local Security Checks
critical
42365SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6606)NessusSuSE Local Security Checks
critical
42364SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 1493)NessusSuSE Local Security Checks
critical
42363SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 1488)NessusSuSE Local Security Checks
critical
42335Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : firefox-3.0, firefox-3.5, xulrunner-1.9, xulrunner-1.9.1 vulnerabilities (USN-853-1)NessusUbuntu Local Security Checks
critical
42306Firefox 3.5.x < 3.5.4 Multiple VulnerabilitiesNessusWindows
high
42305Firefox < 3.0.15 Multiple VulnerabilitiesNessusWindows
high
42298FreeBSD : mozilla -- multiple vulnerabilities (c87aa2d2-c3c4-11de-ab08-000f20797ede)NessusFreeBSD Local Security Checks
critical
42295CentOS 4 : firefox (CESA-2009:1530)NessusCentOS Local Security Checks
critical
5218Mozilla Firefox < 3.0.15 / 3.5.4 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
42287RHEL 4 / 5 : firefox (RHSA-2009:1530)NessusRed Hat Local Security Checks
critical