Lucene search

[email protected]NVD:CVE-2009-1571

HistoryFeb 22, 2010 - 1:00 p.m.

CVE-2009-1571

2010-02-2213:00:01

CWE-94

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.151

Percentile

95.9%

JSON

Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.

Affected configurations

Nvd

Node

mozillafirefoxMatch3.0

mozillafirefoxMatch3.0alpha

mozillafirefoxMatch3.0beta2

mozillafirefoxMatch3.0beta5

mozillafirefoxMatch3.0.1

mozillafirefoxMatch3.0.2

mozillafirefoxMatch3.0.3

mozillafirefoxMatch3.0.4

mozillafirefoxMatch3.0.5

mozillafirefoxMatch3.0.6

mozillafirefoxMatch3.0.7

mozillafirefoxMatch3.0.8

mozillafirefoxMatch3.0.9

mozillafirefoxMatch3.0.10

mozillafirefoxMatch3.0.11

mozillafirefoxMatch3.0.12

mozillafirefoxMatch3.0.13

mozillafirefoxMatch3.0.14

mozillafirefoxMatch3.0.15

mozillafirefoxMatch3.0.17

mozillafirefoxMatch3.5

mozillafirefoxMatch3.5.1

mozillafirefoxMatch3.5.2

mozillafirefoxMatch3.5.3

mozillafirefoxMatch3.5.4

mozillafirefoxMatch3.5.5

mozillafirefoxMatch3.5.6

mozillafirefoxMatch3.5.7

mozillaseamonkeyMatch1.0

mozillaseamonkeyMatch1.0alpha

mozillaseamonkeyMatch1.0beta

mozillaseamonkeyMatch1.0.1

mozillaseamonkeyMatch1.0.2

mozillaseamonkeyMatch1.0.3

mozillaseamonkeyMatch1.0.4

mozillaseamonkeyMatch1.0.5

mozillaseamonkeyMatch1.0.6

mozillaseamonkeyMatch1.0.7

mozillaseamonkeyMatch1.0.8

mozillaseamonkeyMatch1.0.9

mozillaseamonkeyMatch1.1

mozillaseamonkeyMatch1.1.1

mozillaseamonkeyMatch1.1.2

mozillaseamonkeyMatch1.1.3

mozillaseamonkeyMatch1.1.4

mozillaseamonkeyMatch1.1.5

mozillaseamonkeyMatch1.1.6

mozillaseamonkeyMatch1.1.7

mozillaseamonkeyMatch1.1.8

mozillaseamonkeyMatch1.1.9

mozillaseamonkeyMatch1.1.10

mozillaseamonkeyMatch1.1.11

mozillaseamonkeyMatch1.1.12

mozillaseamonkeyMatch1.1.13

mozillaseamonkeyMatch1.1.14

mozillaseamonkeyMatch1.1.15

mozillaseamonkeyMatch1.1.16

mozillaseamonkeyMatch1.1.17

mozillaseamonkeyMatch2.0

mozillaseamonkeyMatch2.0alpha_2

mozillaseamonkeyMatch2.0alpha_3

mozillaseamonkeyMatch2.0beta_1

mozillaseamonkeyMatch2.0beta_2

mozillaseamonkeyMatch2.0rc1

mozillaseamonkeyMatch2.0rc2

mozillaseamonkeyMatch2.0.1

mozillaseamonkeyMatch2.0.2

References

lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html

lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html

lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html

lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html

lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html

lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html

secunia.com/advisories/37242

secunia.com/advisories/38770

secunia.com/advisories/38772

secunia.com/advisories/38847

secunia.com/secunia_research/2009-45/

www.debian.org/security/2010/dsa-1999

www.mandriva.com/security/advisories?name=MDVSA-2010:042

www.mandriva.com/security/advisories?name=MDVSA-2010:051

www.mozilla.org/security/announce/2010/mfsa2010-03.html

www.redhat.com/support/errata/RHSA-2010-0112.html

www.redhat.com/support/errata/RHSA-2010-0113.html

www.redhat.com/support/errata/RHSA-2010-0153.html

www.redhat.com/support/errata/RHSA-2010-0154.html

www.securityfocus.com/archive/1/509585/100/0/threaded

www.ubuntu.com/usn/USN-895-1

www.ubuntu.com/usn/USN-896-1

www.vupen.com/english/advisories/2010/0405

www.vupen.com/english/advisories/2010/0650

bugzilla.mozilla.org/show_bug.cgi?id=526500

exchange.xforce.ibmcloud.com/vulnerabilities/56361

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11227

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8615

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.151

Percentile

95.9%

JSON

Related for NVD:CVE-2009-1571

ubuntucve1 mozilla1 cve4 nessus29 openvas102 veracode1 prion4 cvelist4 securityvulns3 seebug1 nvd3 fedora34 redhat2 oraclelinux1 centos1 ubuntu2 osv1 debian3 freebsd1 suse1