National Vulnerability Database (NVD) National Vulnerability Database (CVE-2009-2463)

National Cyber Awareness System

Vulnerability Summary for CVE-2009-2463

Original release date:07/22/2009

Last revised:08/21/2010

Source: US-CERT/NIST

Overview

Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend)

Impact Subscore: 10.0

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: VUPEN

Name: ADV-2009-1972

Type: Advisory; Patch Information

Hyperlink:http://www.vupen.com/english/advisories/2009/1972

External Source: BID

Name: 35758

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/35758

External Source: FEDORA

Name: FEDORA-2009-7961

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.html

External Source: CONFIRM

Name: https://bugzilla.mozilla.org/show_bug.cgi?id=492779

Type: Advisory

Hyperlink:https://bugzilla.mozilla.org/show_bug.cgi?id=492779

External Source: VUPEN

Name: ADV-2010-0650

Hyperlink:http://www.vupen.com/english/advisories/2010/0650

External Source: VUPEN

Name: ADV-2010-0648

Hyperlink:http://www.vupen.com/english/advisories/2010/0648

External Source: VUPEN

Name: ADV-2009-2152

Hyperlink:http://www.vupen.com/english/advisories/2009/2152

External Source: UBUNTU

Name: USN-915-1

Hyperlink:http://www.ubuntu.com/usn/USN-915-1

External Source: REDHAT

Name: RHSA-2010:0154

Hyperlink:http://www.redhat.com/support/errata/RHSA-2010-0154.html

External Source: REDHAT

Name: RHSA-2010:0153

Hyperlink:http://www.redhat.com/support/errata/RHSA-2010-0153.html

External Source: CONFIRM

Name: http://www.mozilla.org/security/announce/2010/mfsa2010-07.html

Hyperlink:http://www.mozilla.org/security/announce/2010/mfsa2010-07.html

External Source: CONFIRM

Name: http://www.mozilla.org/security/announce/2009/mfsa2009-34.html

Type: Advisory

Hyperlink:http://www.mozilla.org/security/announce/2009/mfsa2009-34.html

External Source: SUNALERT

Name: 1020800

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1

External Source: SUNALERT

Name: 265068

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1

External Source: SECUNIA

Name: 39001

Hyperlink:http://secunia.com/advisories/39001

External Source: SECUNIA

Name: 38977

Hyperlink:http://secunia.com/advisories/38977

External Source: SECUNIA

Name: 36145

Hyperlink:http://secunia.com/advisories/36145

External Source: SECUNIA

Name: 36005

Hyperlink:http://secunia.com/advisories/36005

External Source: SECUNIA

Name: 35947

Type: Advisory

Hyperlink:http://secunia.com/advisories/35947

External Source: SECUNIA

Name: 35944

Type: Advisory

Hyperlink:http://secunia.com/advisories/35944

External Source: SECUNIA

Name: 35943

Type: Advisory

Hyperlink:http://secunia.com/advisories/35943

External Source: SECUNIA

Name: 35914

Type: Advisory

Hyperlink:http://secunia.com/advisories/35914

External Source: REDHAT

Name: RHSA-2009:1163

Hyperlink:http://rhn.redhat.com/errata/RHSA-2009-1163.html

External Source: REDHAT

Name: RHSA-2009:1162

Hyperlink:http://rhn.redhat.com/errata/RHSA-2009-1162.html

External Source: OVAL

Name: oval:org.mitre.oval:def:10369

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10369

External Source: SUSE

Name: SUSE-SR:2010:013

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

External Source: SUSE

Name: SUSE-SA:2009:042

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html

External Source: SUSE

Name: SUSE-SA:2009:039

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html

References to Check Content

Identifier:oval:org.mitre.oval:def:10369

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10369

Vulnerable software and versions

Configuration 1

* cpe:/a:mozilla:firefox:2.0.0.14

* cpe:/a:mozilla:firefox:2.0.0.12

* cpe:/a:mozilla:firefox:3.0.1

* cpe:/a:mozilla:firefox:2.0.0.19

* cpe:/a:mozilla:firefox:0.10

* cpe:/a:mozilla:firefox:0.8

* cpe:/a:mozilla:firefox:0.10.1

* cpe:/a:mozilla:firefox:0.9.1

* cpe:/a:mozilla:firefox:0.9

* cpe:/a:mozilla:firefox:2.0:beta_1

* cpe:/a:mozilla:firefox:0.9.3

* cpe:/a:mozilla:firefox:0.9.2

* cpe:/a:mozilla:firefox:1.0.1

* cpe:/a:mozilla:firefox:3.0.5

* cpe:/a:mozilla:firefox:2.0.0.20

* cpe:/a:mozilla:firefox:1.0

* cpe:/a:mozilla:firefox:1.0.3

* cpe:/a:mozilla:firefox:0.9:rc

* cpe:/a:mozilla:firefox:1.0.2

* cpe:/a:mozilla:firefox:3.0

* cpe:/a:mozilla:firefox:1.0.5

* cpe:/a:mozilla:firefox:1.0.4

* cpe:/a:mozilla:firefox:1.0.7

* cpe:/a:mozilla:firefox:1.0.6

* cpe:/a:mozilla:firefox:2.0.0.9

* cpe:/a:mozilla:firefox:1.5

* cpe:/a:mozilla:firefox:1.0.8

* cpe:/a:mozilla:firefox:2.0_.1

* cpe:/a:mozilla:firefox:2.0_.10

* cpe:/a:mozilla:firefox:2.0_.4

* cpe:/a:mozilla:firefox:2.0_.5

* cpe:/a:mozilla:firefox:2.0_.6

* cpe:/a:mozilla:firefox:2.0_.7

* cpe:/a:mozilla:firefox:2.0_.9

* cpe:/a:mozilla:firefox:2.0_8

* cpe:/a:mozilla:firefox:2.0.0.21

* cpe:/a:mozilla:firefox:3.0.7

* cpe:/a:mozilla:firefox:2.0.0.17

* cpe:/a:mozilla:firefox:2.0.0.10

* cpe:/a:mozilla:firefox:2.0.0.16

* cpe:/a:mozilla:firefox:2.0.0.11

* cpe:/a:mozilla:firefox:1.4.1

* cpe:/a:mozilla:firefox:2.0.0.15

* cpe:/a:mozilla:firefox:0.6.1

* cpe:/a:mozilla:firefox:0.7

* cpe:/a:mozilla:firefox:0.7.1

* cpe:/a:mozilla:firefox:1.0:preview_release

* cpe:/a:mozilla:firefox:0.3

* cpe:/a:mozilla:firefox:0.4

* cpe:/a:mozilla:firefox:0.5

* cpe:/a:mozilla:firefox:0.6

* cpe:/a:mozilla:firefox:0.1

* cpe:/a:mozilla:firefox:0.2

* cpe:/a:mozilla:firefox:1.5.0.4

* cpe:/a:mozilla:firefox:1.5.0.5

* cpe:/a:mozilla:firefox:1.5.0.2

* cpe:/a:mozilla:firefox:1.5.0.3

* cpe:/a:mozilla:firefox:1.5.0.11

* cpe:/a:mozilla:firefox:2.0.0.7

* cpe:/a:mozilla:firefox:1.5.0.12

* cpe:/a:mozilla:firefox:1.5.0.1

* cpe:/a:mozilla:firefox:1.5.0.10

* cpe:/a:mozilla:firefox:1.5.3

* cpe:/a:mozilla:firefox:1.5.4

* cpe:/a:mozilla:firefox:1.5.1

* cpe:/a:mozilla:firefox:1.5.2

* cpe:/a:mozilla:firefox:1.5.0.8

* cpe:/a:mozilla:firefox:1.5.0.9

* cpe:/a:mozilla:firefox:1.5.0.6

* cpe:/a:mozilla:firefox:1.5.0.7

* cpe:/a:mozilla:firefox:1.5:beta2

* cpe:/a:mozilla:firefox:2.0:beta1

* cpe:/a:mozilla:firefox:2.0

* cpe:/a:mozilla:firefox:1.8

* cpe:/a:mozilla:firefox:1.5.8

* cpe:/a:mozilla:firefox:1.5.7

* cpe:/a:mozilla:firefox:1.5.6

* cpe:/a:mozilla:firefox:1.5.5

* cpe:/a:mozilla:firefox:2.0.0.6

* cpe:/a:mozilla:firefox:2.0.0.5

* cpe:/a:mozilla:firefox:2.0.0.4

* cpe:/a:mozilla:firefox:2.0.0.3

* cpe:/a:mozilla:firefox:0.9_rc

* cpe:/a:mozilla:firefox:2.0.0.2

* cpe:/a:mozilla:firefox:3.0.2

* cpe:/a:mozilla:firefox:2.0.0.1

* cpe:/a:mozilla:firefox:2.0:rc3

* cpe:/a:mozilla:firefox:2.0:rc2

* cpe:/a:mozilla:firefox:3.0.3

* cpe:/a:mozilla:firefox:2.0.0.8

* cpe:/a:mozilla:firefox:2.0.0.13

* cpe:/a:mozilla:firefox:3.0.6

* cpe:/a:mozilla:firefox:3.0.10

* cpe:/a:mozilla:firefox:3.0.8

* cpe:/a:mozilla:firefox:1.0.6::linux

* cpe:/a:mozilla:firefox:1.5:beta1

* cpe:/a:mozilla:firefox:3.0.4

* cpe:/a:mozilla:firefox:2.0.0.18

* cpe:/a:mozilla:firefox:3.0:beta5

* cpe:/a:mozilla:firefox:3.0:beta2

* cpe:/a:mozilla:firefox:3.0:alpha

* cpe:/a:mozilla:thunderbird:2.0.0.1

* cpe:/a:mozilla:thunderbird:2.0.0.0

* cpe:/a:mozilla:thunderbird:2.0.0.3

* cpe:/a:mozilla:thunderbird:2.0.0.2

* cpe:/a:mozilla:thunderbird:2.0.0.19

* cpe:/a:mozilla:thunderbird:2.0.0.5

* cpe:/a:mozilla:thunderbird:2.0.0.4

* cpe:/a:mozilla:thunderbird:2.0.0.8

* cpe:/a:mozilla:thunderbird:2.0.0.7

* cpe:/a:mozilla:thunderbird:2.0.0.20

* cpe:/a:mozilla:thunderbird:2.0.0.21

* cpe:/a:mozilla:thunderbird:2.0.0.16

* cpe:/a:mozilla:thunderbird:2.0.0.15

* cpe:/a:mozilla:thunderbird:2.0.0.14

* cpe:/a:mozilla:thunderbird:2.0.0.17

* cpe:/a:mozilla:thunderbird:2.0.0.9

* cpe:/a:mozilla:thunderbird:2.0.0.6

* cpe:/a:mozilla:thunderbird:2.0.14

* cpe:/a:mozilla:thunderbird:2.0.0.12

* cpe:/a:mozilla:thunderbird:2.0.0.11

* cpe:/a:mozilla:thunderbird:2.0.0.13

* cpe:/a:mozilla:firefox:3.0.9

cpe:/a:mozilla:firefox:3.0.11 and previous versions

* cpe:/a:mozilla:thunderbird:2.0.0.18

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Numeric Errors (CWE-189)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2463