Lucene search
HistoryDec 17, 2009 - 5:30 p.m.
CVE-2009-3981
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.7
Confidence
High
EPSS
0.109
Percentile
95.2%
Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Affected configurations
Node
mozillafirefoxRange≤3.0.15
ORmozillafirefoxMatch0.1
ORmozillafirefoxMatch0.2
ORmozillafirefoxMatch0.3
ORmozillafirefoxMatch0.4
ORmozillafirefoxMatch0.5
ORmozillafirefoxMatch0.6
ORmozillafirefoxMatch0.6.1
ORmozillafirefoxMatch0.7
ORmozillafirefoxMatch0.7.1
ORmozillafirefoxMatch0.8
ORmozillafirefoxMatch0.9
ORmozillafirefoxMatch0.9rc
ORmozillafirefoxMatch0.9.1
ORmozillafirefoxMatch0.9.2
ORmozillafirefoxMatch0.9.3
ORmozillafirefoxMatch0.10
ORmozillafirefoxMatch0.10.1
ORmozillafirefoxMatch1.0
ORmozillafirefoxMatch1.0preview_release
ORmozillafirefoxMatch1.0.1
ORmozillafirefoxMatch1.0.2
ORmozillafirefoxMatch1.0.3
ORmozillafirefoxMatch1.0.4
ORmozillafirefoxMatch1.0.5
ORmozillafirefoxMatch1.0.6
ORmozillafirefoxMatch1.0.7
ORmozillafirefoxMatch1.0.8
ORmozillafirefoxMatch1.4.1
ORmozillafirefoxMatch1.5
ORmozillafirefoxMatch1.5beta1
ORmozillafirefoxMatch1.5beta2
ORmozillafirefoxMatch1.5.0.1
ORmozillafirefoxMatch1.5.0.2
ORmozillafirefoxMatch1.5.0.3
ORmozillafirefoxMatch1.5.0.4
ORmozillafirefoxMatch1.5.0.5
ORmozillafirefoxMatch1.5.0.6
ORmozillafirefoxMatch1.5.0.7
ORmozillafirefoxMatch1.5.0.8
ORmozillafirefoxMatch1.5.0.9
ORmozillafirefoxMatch1.5.0.10
ORmozillafirefoxMatch1.5.0.11
ORmozillafirefoxMatch1.5.0.12
ORmozillafirefoxMatch1.5.1
ORmozillafirefoxMatch1.5.2
ORmozillafirefoxMatch1.5.3
ORmozillafirefoxMatch1.5.4
ORmozillafirefoxMatch1.5.5
ORmozillafirefoxMatch1.5.6
ORmozillafirefoxMatch1.5.7
ORmozillafirefoxMatch1.5.8
ORmozillafirefoxMatch1.8
ORmozillafirefoxMatch2.0
ORmozillafirefoxMatch2.0beta_1
ORmozillafirefoxMatch2.0beta1
ORmozillafirefoxMatch2.0rc2
ORmozillafirefoxMatch2.0rc3
ORmozillafirefoxMatch2.0.0.1
ORmozillafirefoxMatch2.0.0.2
ORmozillafirefoxMatch2.0.0.3
ORmozillafirefoxMatch2.0.0.4
ORmozillafirefoxMatch2.0.0.5
ORmozillafirefoxMatch2.0.0.6
ORmozillafirefoxMatch2.0.0.7
ORmozillafirefoxMatch2.0.0.8
ORmozillafirefoxMatch2.0.0.9
ORmozillafirefoxMatch2.0.0.10
ORmozillafirefoxMatch2.0.0.11
ORmozillafirefoxMatch2.0.0.12
ORmozillafirefoxMatch2.0.0.13
ORmozillafirefoxMatch2.0.0.14
ORmozillafirefoxMatch2.0.0.15
ORmozillafirefoxMatch2.0.0.16
ORmozillafirefoxMatch2.0.0.17
ORmozillafirefoxMatch2.0.0.18
ORmozillafirefoxMatch2.0.0.19
ORmozillafirefoxMatch2.0.0.20
ORmozillafirefoxMatch2.0.0.21
ORmozillafirefoxMatch2.0_.1
ORmozillafirefoxMatch2.0_.4
ORmozillafirefoxMatch2.0_.5
ORmozillafirefoxMatch2.0_.6
ORmozillafirefoxMatch2.0_.7
ORmozillafirefoxMatch2.0_.9
ORmozillafirefoxMatch2.0_.10
ORmozillafirefoxMatch2.0_8
ORmozillafirefoxMatch3.0
ORmozillafirefoxMatch3.0alpha
ORmozillafirefoxMatch3.0beta2
ORmozillafirefoxMatch3.0beta5
ORmozillafirefoxMatch3.0.1
ORmozillafirefoxMatch3.0.2
ORmozillafirefoxMatch3.0.3
ORmozillafirefoxMatch3.0.4
ORmozillafirefoxMatch3.0.5
ORmozillafirefoxMatch3.0.6
ORmozillafirefoxMatch3.0.7
ORmozillafirefoxMatch3.0.8
ORmozillafirefoxMatch3.0.9
ORmozillafirefoxMatch3.0.10
ORmozillafirefoxMatch3.0.11
ORmozillafirefoxMatch3.0.12
ORmozillafirefoxMatch3.0.13
ORmozillafirefoxMatch3.0.14
ORmozillaseamonkeyRange≤2.0rc2
ORmozillaseamonkeyMatch1.0
ORmozillaseamonkeyMatch1.0alpha
ORmozillaseamonkeyMatch1.0beta
ORmozillaseamonkeyMatch1.0.1
ORmozillaseamonkeyMatch1.0.2
ORmozillaseamonkeyMatch1.0.3
ORmozillaseamonkeyMatch1.0.4
ORmozillaseamonkeyMatch1.0.5
ORmozillaseamonkeyMatch1.0.6
ORmozillaseamonkeyMatch1.0.7
ORmozillaseamonkeyMatch1.0.8
ORmozillaseamonkeyMatch1.0.9
ORmozillaseamonkeyMatch1.0.99
ORmozillaseamonkeyMatch1.1
ORmozillaseamonkeyMatch1.1alpha
ORmozillaseamonkeyMatch1.1beta
ORmozillaseamonkeyMatch1.1.1
ORmozillaseamonkeyMatch1.1.2
ORmozillaseamonkeyMatch1.1.3
ORmozillaseamonkeyMatch1.1.4
ORmozillaseamonkeyMatch1.1.5
ORmozillaseamonkeyMatch1.1.6
ORmozillaseamonkeyMatch1.1.7
ORmozillaseamonkeyMatch1.1.8
ORmozillaseamonkeyMatch1.1.9
ORmozillaseamonkeyMatch1.1.10
ORmozillaseamonkeyMatch1.1.11
ORmozillaseamonkeyMatch1.1.12
ORmozillaseamonkeyMatch1.1.13
ORmozillaseamonkeyMatch1.1.14
ORmozillaseamonkeyMatch1.1.15
ORmozillaseamonkeyMatch1.1.16
ORmozillaseamonkeyMatch1.1.17
ORmozillaseamonkeyMatch1.5.0.8
ORmozillaseamonkeyMatch1.5.0.9
ORmozillaseamonkeyMatch1.5.0.10
ORmozillaseamonkeyMatch2.0
ORmozillaseamonkeyMatch2.0alpha_1
ORmozillaseamonkeyMatch2.0alpha_2
ORmozillaseamonkeyMatch2.0alpha_3
ORmozillaseamonkeyMatch2.0beta_1
ORmozillaseamonkeyMatch2.0beta_2
ORmozillaseamonkeyMatch2.0rc1
ORmozillaseamonkeyMatch2.0a1pre
ORmozillaseamonkeyMatch2.0a1pre
ORmozillathunderbird
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
| mozilla | firefox | 0.1 | cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:* |
| mozilla | firefox | 0.2 | cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:* |
| mozilla | firefox | 0.3 | cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:* |
| mozilla | firefox | 0.4 | cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:* |
| mozilla | firefox | 0.5 | cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:* |
| mozilla | firefox | 0.6 | cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:* |
| mozilla | firefox | 0.6.1 | cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:* |
| mozilla | firefox | 0.7 | cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:* |
| mozilla | firefox | 0.7.1 | cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:* |
References
secunia.com/advisories/37699
secunia.com/advisories/37704
secunia.com/advisories/37785
secunia.com/advisories/37813
secunia.com/advisories/37881
securitytracker.com/id?1023333
securitytracker.com/id?1023334
www.debian.org/security/2009/dsa-1956
www.mozilla.org/security/announce/2009/mfsa2009-65.html
www.novell.com/linux/security/advisories/2009_63_firefox.html
www.securityfocus.com/bid/37349
www.securityfocus.com/bid/37363
www.ubuntu.com/usn/USN-873-1
www.vupen.com/english/advisories/2009/3547
bugzilla.mozilla.org/show_bug.cgi?id=468771
bugzilla.redhat.com/show_bug.cgi?id=546713
exchange.xforce.ibmcloud.com/vulnerabilities/54801
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8523
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8584
rhn.redhat.com/errata/RHSA-2009-1674.html
Related
prion
prion
Memory corruption
2009-12-17 17:30:00
cve
cve
CVE-2009-3981
2009-12-17 17:30:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:41:40
cvelist
cvelist
CVE-2009-3981
2009-12-17 17:00:00
ubuntucve
ubuntucve
CVE-2009-3981
2009-12-15 00:00:00
openvas
openvas
Thunderbird Multiple Vulnerabilities (Dec 2009) - Linux
2009-12-23 00:00:00
Thunderbird Multiple Vulnerabilities (Dec 2009) - Windows
2009-12-23 00:00:00
Thunderbird Multiple Vulnerabilities Dec-09 (Linux)
2009-12-23 00:00:00
mozilla
mozilla
Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16) — Mozilla
2009-12-15 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2009-65
2009-12-17 00:00:00
Mozilla Firefox multiple security vulnerabilities
2009-12-17 00:00:00
nessus
nessus
openSUSE Security Update : MozillaFirefox (MozillaFirefox-1727)
2009-12-23 00:00:00
openSUSE Security Update : MozillaFirefox (MozillaFirefox-1727)
2009-12-23 00:00:00
Mozilla Thunderbird < 3.0.1 Multiple Vulnerabilities
2010-01-22 00:00:00
redhat
redhat
(RHSA-2009:1674) Critical: firefox security update
2009-12-16 00:00:00
oraclelinux
oraclelinux
firefox security update
2009-12-16 00:00:00
ubuntu
ubuntu
Firefox 3.0 and Xulrunner 1.9 regression
2010-01-08 00:00:00
Firefox 3.0 and Xulrunner 1.9 vulnerabilities
2009-12-18 00:00:00
debian
debian
[SECURITY] [DSA 1956-1] New xulrunner packages fix several vulnerabilities
2009-12-16 21:15:39
centos
centos
firefox, xulrunner security update
2009-12-18 02:04:10
osv
osv
xulrunner - several vulnerabilities
2009-12-16 00:00:00
suse
suse
remote code execution in MozillaFirefox
2009-12-22 15:19:49
freebsd
freebsd
mozilla -- multiple vulnerabilities
2009-12-16 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.7
Confidence
High
EPSS
0.109
Percentile
95.2%
Related for NVD:CVE-2009-3981