ID CVE-2009-1313
Summary The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.
References
Vulnerable Configurations
  • Mozilla Firefox 3.0.9
    cpe:2.3:a:mozilla:firefox:3.0.9
CVSS
Base: 9.3 (as of 01-05-2009 - 13:48)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector NETWORK
Complexity MEDIUM
Authentication NONE
Impact
Confidentiality COMPLETE
Integrity COMPLETE
Availability COMPLETE
exploit-db via4
description Mozilla Firefox 3.0.9 'nsTextFrame::ClearTextRun()' Remote Memory Corruption Vulnerability. CVE-2009-1313. DoS exploit for Linux platform
id EDB-ID:32961
last seen 2016-02-03
modified 2009-04-27
published 2009-04-27
reporter Marc Gueury
source https://www.exploit-db.com/download/32961/
title Mozilla Firefox 3.0.9 - 'nsTextFrame::ClearTextRun' Remote Memory Corruption Vulnerability
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-765-1.NASL
    description It was discovered that the upstream security fixes in USN-764-1 introduced a regression which could cause the browser to crash. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 38205
    published 2009-04-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38205
    title Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-765-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-0449.NASL
    description From Red Hat Security Advisory 2009:0449 : Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1313) For technical details regarding this flaw, refer to the Mozilla security advisory for Firefox 3.0.10. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.10, which corrects this issue. After installing the update, Firefox must be restarted for the change to take effect.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 67850
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67850
    title Oracle Linux 4 / 5 : firefox (ELSA-2009-0449)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_3010.NASL
    description The version of Firefox installed on the remote host is earlier than 3.0.10. Such versions have multiple vulnerabilities : - An error in function '@nsTextFrame::ClearTextRun()' could corrupt the memory. Successful exploitation of this issue may allow arbitrary code execution on the remote system. Note this reportedly only affects 3.0.9. (MFSA 2009-23) - The browser processes a 3xx HTTP CONNECT response before a successful SSL handshake, which could allow a man-in-the-middle attacker to execute arbitrary web script in the context of a HTTPS server. (CVE-2009-2061)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 38200
    published 2009-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38200
    title Firefox < 3.0.10 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_MOZILLAFIREFOX-090507.NASL
    description Firefox version upgrade to 3.0.10 to fix a crash in nsTextFrame::ClearTextRun() (CVE-2009-1313).
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 40173
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40173
    title openSUSE Security Update : MozillaFirefox (MozillaFirefox-860)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-111.NASL
    description Security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Firefox 3.x, version 3.0.10. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312, CVE-2009-1313) This update provides the latest Mozilla Firefox 3.x to correct these issues. Additionally, some packages which require so, have been rebuilt and are being provided as updates. Update : The recent Mozilla Firefox update missed the Firefox language packs for Mandriva Linux 2009. This update provides them, fixing the issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 38853
    published 2009-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38853
    title Mandriva Linux Security Advisory : firefox (MDVSA-2009:111-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201301-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 63402
    published 2013-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63402
    title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_MOZILLAFIREFOX-090507.NASL
    description Firefox version upgrade to 3.0.10 to fix a crash in nsTextFrame::ClearTextRun(). (CVE-2009-1313)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 41355
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41355
    title SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 859)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_MOZILLAFIREFOX-090507.NASL
    description Firefox version upgrade to 3.0.10 to fix a crash in nsTextFrame::ClearTextRun() (CVE-2009-1313).
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 39890
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39890
    title openSUSE Security Update : MozillaFirefox (MozillaFirefox-860)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2009-118-01.NASL
    description New mozilla-firefox packages are available for Slackware 12.2 and -current to fix security issues. The updated packages may also be used with Slackware 11.0 or newer.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 38201
    published 2009-04-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38201
    title Slackware 12.2 / current : mozilla-firefox (SSA:2009-118-01)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-4083.NASL
    description Update to Firefox 3.0.10 fixing one security issue: http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.10 Depending packages rebuilt against new Firefox are also included in this update. Additional bugs fixed in other packages: - totem: Fix YouTube plugin following website changes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 38189
    published 2009-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38189
    title Fedora 10 : Miro-2.0.3-4.fc10 / blam-1.8.5-10.fc10 / devhelp-0.22-8.fc10 / epiphany-2.24.3-6.fc10 / etc (2009-4083)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-0449.NASL
    description Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1313) For technical details regarding this flaw, refer to the Mozilla security advisory for Firefox 3.0.10. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.10, which corrects this issue. After installing the update, Firefox must be restarted for the change to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43745
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43745
    title CentOS 4 / 5 : firefox (CESA-2009:0449)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-0449.NASL
    description Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1313) For technical details regarding this flaw, refer to the Mozilla security advisory for Firefox 3.0.10. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.10, which corrects this issue. After installing the update, Firefox must be restarted for the change to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 38193
    published 2009-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38193
    title RHEL 4 / 5 : firefox (RHSA-2009:0449)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-4078.NASL
    description Update to Firefox 3.0.10 fixing one security issue: http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.10 Depending packages rebuilt against new Firefox are also included in this update. Additional bugs fixed in other packages: - totem: Fix YouTube plugin following website changes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 38188
    published 2009-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38188
    title Fedora 9 : Miro-2.0.3-4.fc9 / blam-1.8.5-9.fc9.1 / chmsee-1.0.1-12.fc9 / devhelp-0.19.1-12.fc9 / etc (2009-4078)
oval via4
accepted 2013-04-29T04:05:45.927-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.
family unix
id oval:org.mitre.oval:def:10446
status accepted
submitted 2010-07-09T03:56:16-04:00
title The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.
version 24
redhat via4
advisories
bugzilla
id 497447
title CVE-2009-1313 Firefox crash in nsTextFrame::ClearTextRun()
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • comment firefox is earlier than 0:3.0.10-1.el4
      oval oval:com.redhat.rhsa:tst:20090449002
    • comment firefox is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20060733003
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment xulrunner is earlier than 0:1.9.0.10-1.el5
          oval oval:com.redhat.rhsa:tst:20090449005
        • comment xulrunner is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080569003
      • AND
        • comment xulrunner-devel is earlier than 0:1.9.0.10-1.el5
          oval oval:com.redhat.rhsa:tst:20090449009
        • comment xulrunner-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080569005
      • AND
        • comment xulrunner-devel-unstable is earlier than 0:1.9.0.10-1.el5
          oval oval:com.redhat.rhsa:tst:20090449007
        • comment xulrunner-devel-unstable is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080569007
      • AND
        • comment firefox is earlier than 0:3.0.10-1.el5
          oval oval:com.redhat.rhsa:tst:20090449011
        • comment firefox is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070097009
rhsa
id RHSA-2009:0449
released 2009-04-27
severity Critical
title RHSA-2009:0449: firefox security update (Critical)
rpms
  • firefox-0:3.0.10-1.el4
  • xulrunner-0:1.9.0.10-1.el5
  • xulrunner-devel-0:1.9.0.10-1.el5
  • xulrunner-devel-unstable-0:1.9.0.10-1.el5
  • firefox-0:3.0.10-1.el5
refmap via4
bid 34743
confirm
mandriva MDVSA-2009:111
sectrack
  • 1022126
  • 1022127
secunia
  • 34851
  • 34866
  • 34910
  • 34919
slackware SSA:2009-118-01
ubuntu USN-765-1
vupen ADV-2009-1180
Last major update 21-08-2010 - 01:31
Published 30-04-2009 - 17:30
Last modified 28-09-2017 - 21:34