National Vulnerability Database (NVD) National Vulnerability Database (CVE-2009-0771)

National Cyber Awareness System

Vulnerability Summary for CVE-2009-0771

Original release date:03/05/2009

Last revised:08/21/2010

Source: US-CERT/NIST

Overview

The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend)

Impact Subscore: 10.0

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: FEDORA

Name: FEDORA-2009-3101

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html

External Source: CONFIRM

Name: https://bugzilla.mozilla.org/buglist.cgi?bug_id=424276,435209,436965,460706,466057,468578,471594,472502

Hyperlink:https://bugzilla.mozilla.org/buglist.cgi?bug_id=424276,435209,436965,460706,466057,468578,471594,472502

External Source: VUPEN

Name: ADV-2009-0632

Hyperlink:http://www.vupen.com/english/advisories/2009/0632

External Source: SECTRACK

Name: 1021795

Hyperlink:http://www.securitytracker.com/id?1021795

External Source: BID

Name: 33990

Hyperlink:http://www.securityfocus.com/bid/33990

External Source: REDHAT

Name: RHSA-2009:0315

Hyperlink:http://www.redhat.com/support/errata/RHSA-2009-0315.html

External Source: CONFIRM

Name: http://www.mozilla.org/security/announce/2009/mfsa2009-07.html

Hyperlink:http://www.mozilla.org/security/announce/2009/mfsa2009-07.html

External Source: MANDRIVA

Name: MDVSA-2009:083

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:083

External Source: MANDRIVA

Name: MDVSA-2009:075

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:075

External Source: DEBIAN

Name: DSA-1830

Hyperlink:http://www.debian.org/security/2009/dsa-1830

External Source: DEBIAN

Name: DSA-1751

Hyperlink:http://www.debian.org/security/2009/dsa-1751

External Source: CONFIRM

Name: http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document

Hyperlink:http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document

External Source: CONFIRM

Name: http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm

Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm

External Source: SLACKWARE

Name: SSA:2009-083-03

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952

External Source: SLACKWARE

Name: SSA:2009-083-02

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420

External Source: SECUNIA

Name: 34527

Hyperlink:http://secunia.com/advisories/34527

External Source: SECUNIA

Name: 34464

Hyperlink:http://secunia.com/advisories/34464

External Source: SECUNIA

Name: 34462

Hyperlink:http://secunia.com/advisories/34462

External Source: SECUNIA

Name: 34383

Hyperlink:http://secunia.com/advisories/34383

External Source: SECUNIA

Name: 34272

Hyperlink:http://secunia.com/advisories/34272

External Source: SECUNIA

Name: 34145

Hyperlink:http://secunia.com/advisories/34145

External Source: SECUNIA

Name: 34140

Hyperlink:http://secunia.com/advisories/34140

External Source: OVAL

Name: oval:org.mitre.oval:def:6755

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6755

External Source: OVAL

Name: oval:org.mitre.oval:def:6196

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6196

External Source: OVAL

Name: oval:org.mitre.oval:def:6163

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6163

External Source: OVAL

Name: oval:org.mitre.oval:def:5250

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5250

External Source: OVAL

Name: oval:org.mitre.oval:def:11314

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11314

External Source: SUSE

Name: SUSE-SA:2009:012

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html