ID CVE-2009-2462
Summary The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion and nsCSSFrameConstructor::CreateFloatingLetterFrame, (3) nsCSSFrameConstructor::ConstructFrame, (4) the child list and initial reflow, (5) GetLastSpecialSibling, (6) nsFrameManager::GetPrimaryFrameFor and MathML, (7) nsFrame::GetBoxAscent, (8) nsCSSFrameConstructor::AdjustParentFrame, (9) nsDOMOfflineResourceList, and (10) nsContentUtils::ComparePosition.
References
Vulnerable Configurations
  • Mozilla Firefox 0.1
    cpe:2.3:a:mozilla:firefox:0.1
  • Mozilla Firefox 0.2
    cpe:2.3:a:mozilla:firefox:0.2
  • Mozilla Firefox 0.3
    cpe:2.3:a:mozilla:firefox:0.3
  • Mozilla Firefox 0.4
    cpe:2.3:a:mozilla:firefox:0.4
  • Mozilla Firefox 0.5
    cpe:2.3:a:mozilla:firefox:0.5
  • Mozilla Firefox 0.6
    cpe:2.3:a:mozilla:firefox:0.6
  • Mozilla Firefox 0.6.1
    cpe:2.3:a:mozilla:firefox:0.6.1
  • Mozilla Firefox 0.7
    cpe:2.3:a:mozilla:firefox:0.7
  • Mozilla Firefox 0.7.1
    cpe:2.3:a:mozilla:firefox:0.7.1
  • Mozilla Firefox 0.8
    cpe:2.3:a:mozilla:firefox:0.8
  • Mozilla Firefox 0.9
    cpe:2.3:a:mozilla:firefox:0.9
  • Mozilla Firefox 0.9 rc
    cpe:2.3:a:mozilla:firefox:0.9:rc
  • Mozilla Firefox 0.9.1
    cpe:2.3:a:mozilla:firefox:0.9.1
  • Mozilla Firefox 0.9.2
    cpe:2.3:a:mozilla:firefox:0.9.2
  • Mozilla Firefox 0.9.3
    cpe:2.3:a:mozilla:firefox:0.9.3
  • cpe:2.3:a:mozilla:firefox:0.9_rc
    cpe:2.3:a:mozilla:firefox:0.9_rc
  • Mozilla Firefox 0.10
    cpe:2.3:a:mozilla:firefox:0.10
  • Mozilla Firefox 0.10.1
    cpe:2.3:a:mozilla:firefox:0.10.1
  • Mozilla Firefox 1.0
    cpe:2.3:a:mozilla:firefox:1.0
  • Mozilla Firefox 1.0 Preview Release
    cpe:2.3:a:mozilla:firefox:1.0:preview_release
  • Mozilla Firefox 1.0.1
    cpe:2.3:a:mozilla:firefox:1.0.1
  • Mozilla Firefox 1.0.2
    cpe:2.3:a:mozilla:firefox:1.0.2
  • Mozilla Firefox 1.0.3
    cpe:2.3:a:mozilla:firefox:1.0.3
  • Mozilla Firefox 1.0.4
    cpe:2.3:a:mozilla:firefox:1.0.4
  • Mozilla Firefox 1.0.5
    cpe:2.3:a:mozilla:firefox:1.0.5
  • Mozilla Firefox 1.0.6
    cpe:2.3:a:mozilla:firefox:1.0.6
  • cpe:2.3:a:mozilla:firefox:1.0.6:-:linux
    cpe:2.3:a:mozilla:firefox:1.0.6:-:linux
  • Mozilla Firefox 1.0.7
    cpe:2.3:a:mozilla:firefox:1.0.7
  • Mozilla Firefox 1.0.8
    cpe:2.3:a:mozilla:firefox:1.0.8
  • Mozilla Firefox 1.4.1
    cpe:2.3:a:mozilla:firefox:1.4.1
  • Mozilla Firefox 1.5
    cpe:2.3:a:mozilla:firefox:1.5
  • Mozilla Firefox 1.5 Beta 1
    cpe:2.3:a:mozilla:firefox:1.5:beta1
  • Mozilla Firefox 1.5 Beta 2
    cpe:2.3:a:mozilla:firefox:1.5:beta2
  • Mozilla Firefox 1.5.0.1
    cpe:2.3:a:mozilla:firefox:1.5.0.1
  • Mozilla Firefox 1.5.0.2
    cpe:2.3:a:mozilla:firefox:1.5.0.2
  • Mozilla Firefox 1.5.0.3
    cpe:2.3:a:mozilla:firefox:1.5.0.3
  • Mozilla Firefox 1.5.0.4
    cpe:2.3:a:mozilla:firefox:1.5.0.4
  • Mozilla Firefox 1.5.0.5
    cpe:2.3:a:mozilla:firefox:1.5.0.5
  • Mozilla Firefox 1.5.0.6
    cpe:2.3:a:mozilla:firefox:1.5.0.6
  • Mozilla Firefox 1.5.0.7
    cpe:2.3:a:mozilla:firefox:1.5.0.7
  • Mozilla Firefox 1.5.0.8
    cpe:2.3:a:mozilla:firefox:1.5.0.8
  • Mozilla Firefox 1.5.0.9
    cpe:2.3:a:mozilla:firefox:1.5.0.9
  • Mozilla Firefox 1.5.0.10
    cpe:2.3:a:mozilla:firefox:1.5.0.10
  • Mozilla Firefox 1.5.0.11
    cpe:2.3:a:mozilla:firefox:1.5.0.11
  • Mozilla Firefox 1.5.0.12
    cpe:2.3:a:mozilla:firefox:1.5.0.12
  • Mozilla Firefox 1.5.1
    cpe:2.3:a:mozilla:firefox:1.5.1
  • Mozilla Firefox 1.5.2
    cpe:2.3:a:mozilla:firefox:1.5.2
  • Mozilla Firefox 1.5.3
    cpe:2.3:a:mozilla:firefox:1.5.3
  • Mozilla Firefox 1.5.4
    cpe:2.3:a:mozilla:firefox:1.5.4
  • Mozilla Firefox 1.5.5
    cpe:2.3:a:mozilla:firefox:1.5.5
  • Mozilla Firefox 1.5.6
    cpe:2.3:a:mozilla:firefox:1.5.6
  • Mozilla Firefox 1.5.7
    cpe:2.3:a:mozilla:firefox:1.5.7
  • Mozilla Firefox 1.5.8
    cpe:2.3:a:mozilla:firefox:1.5.8
  • Mozilla Firefox 1.8
    cpe:2.3:a:mozilla:firefox:1.8
  • Mozilla Firefox 2.0
    cpe:2.3:a:mozilla:firefox:2.0
  • cpe:2.3:a:mozilla:firefox:2.0:beta1
    cpe:2.3:a:mozilla:firefox:2.0:beta1
  • cpe:2.3:a:mozilla:firefox:2.0:beta_1
    cpe:2.3:a:mozilla:firefox:2.0:beta_1
  • cpe:2.3:a:mozilla:firefox:2.0:rc2
    cpe:2.3:a:mozilla:firefox:2.0:rc2
  • cpe:2.3:a:mozilla:firefox:2.0:rc3
    cpe:2.3:a:mozilla:firefox:2.0:rc3
  • Mozilla Firefox 2.0.0.1
    cpe:2.3:a:mozilla:firefox:2.0.0.1
  • Mozilla Firefox 2.0.0.2
    cpe:2.3:a:mozilla:firefox:2.0.0.2
  • Mozilla Firefox 2.0.0.3
    cpe:2.3:a:mozilla:firefox:2.0.0.3
  • Mozilla Firefox 2.0.0.4
    cpe:2.3:a:mozilla:firefox:2.0.0.4
  • Mozilla Firefox 2.0.0.5
    cpe:2.3:a:mozilla:firefox:2.0.0.5
  • Mozilla Firefox 2.0.0.6
    cpe:2.3:a:mozilla:firefox:2.0.0.6
  • Mozilla Firefox 2.0.0.7
    cpe:2.3:a:mozilla:firefox:2.0.0.7
  • Mozilla Firefox 2.0.0.8
    cpe:2.3:a:mozilla:firefox:2.0.0.8
  • Mozilla Firefox 2.0.0.9
    cpe:2.3:a:mozilla:firefox:2.0.0.9
  • Mozilla Firefox 2.0.0.10
    cpe:2.3:a:mozilla:firefox:2.0.0.10
  • Mozilla Firefox 2.0.0.11
    cpe:2.3:a:mozilla:firefox:2.0.0.11
  • Mozilla Firefox 2.0.0.12
    cpe:2.3:a:mozilla:firefox:2.0.0.12
  • Mozilla Firefox 2.0.0.13
    cpe:2.3:a:mozilla:firefox:2.0.0.13
  • Mozilla Firefox 2.0.0.14
    cpe:2.3:a:mozilla:firefox:2.0.0.14
  • Mozilla Firefox 2.0.0.15
    cpe:2.3:a:mozilla:firefox:2.0.0.15
  • Mozilla Firefox 2.0.0.16
    cpe:2.3:a:mozilla:firefox:2.0.0.16
  • Mozilla Firefox 2.0.0.17
    cpe:2.3:a:mozilla:firefox:2.0.0.17
  • Mozilla Firefox 2.0.0.18
    cpe:2.3:a:mozilla:firefox:2.0.0.18
  • Mozilla Firefox 2.0.0.19
    cpe:2.3:a:mozilla:firefox:2.0.0.19
  • Mozilla Firefox 2.0.0.20
    cpe:2.3:a:mozilla:firefox:2.0.0.20
  • cpe:2.3:a:mozilla:firefox:2.0.0.21
    cpe:2.3:a:mozilla:firefox:2.0.0.21
  • cpe:2.3:a:mozilla:firefox:2.0_.1
    cpe:2.3:a:mozilla:firefox:2.0_.1
  • cpe:2.3:a:mozilla:firefox:2.0_.4
    cpe:2.3:a:mozilla:firefox:2.0_.4
  • cpe:2.3:a:mozilla:firefox:2.0_.5
    cpe:2.3:a:mozilla:firefox:2.0_.5
  • cpe:2.3:a:mozilla:firefox:2.0_.6
    cpe:2.3:a:mozilla:firefox:2.0_.6
  • cpe:2.3:a:mozilla:firefox:2.0_.7
    cpe:2.3:a:mozilla:firefox:2.0_.7
  • cpe:2.3:a:mozilla:firefox:2.0_.9
    cpe:2.3:a:mozilla:firefox:2.0_.9
  • cpe:2.3:a:mozilla:firefox:2.0_.10
    cpe:2.3:a:mozilla:firefox:2.0_.10
  • cpe:2.3:a:mozilla:firefox:2.0_8
    cpe:2.3:a:mozilla:firefox:2.0_8
  • Mozilla Firefox 3.0
    cpe:2.3:a:mozilla:firefox:3.0
  • cpe:2.3:a:mozilla:firefox:3.0:alpha
    cpe:2.3:a:mozilla:firefox:3.0:alpha
  • Mozilla Firefox 3.0 Beta 2
    cpe:2.3:a:mozilla:firefox:3.0:beta2
  • cpe:2.3:a:mozilla:firefox:3.0:beta5
    cpe:2.3:a:mozilla:firefox:3.0:beta5
  • Mozilla Firefox 3.0.1
    cpe:2.3:a:mozilla:firefox:3.0.1
  • Mozilla Firefox 3.0.2
    cpe:2.3:a:mozilla:firefox:3.0.2
  • Mozilla Firefox 3.0.3
    cpe:2.3:a:mozilla:firefox:3.0.3
  • Mozilla Firefox 3.0.4
    cpe:2.3:a:mozilla:firefox:3.0.4
  • Mozilla Firefox 3.0.5
    cpe:2.3:a:mozilla:firefox:3.0.5
  • Mozilla Firefox 3.0.6
    cpe:2.3:a:mozilla:firefox:3.0.6
  • Mozilla Firefox 3.0.7
    cpe:2.3:a:mozilla:firefox:3.0.7
  • Mozilla Firefox 3.0.8
    cpe:2.3:a:mozilla:firefox:3.0.8
  • Mozilla Firefox 3.0.9
    cpe:2.3:a:mozilla:firefox:3.0.9
  • Mozilla Firefox 3.0.10
    cpe:2.3:a:mozilla:firefox:3.0.10
  • Mozilla Firefox 3.0.11
    cpe:2.3:a:mozilla:firefox:3.0.11
  • Mozilla Thunderbird 2.0.0.0
    cpe:2.3:a:mozilla:thunderbird:2.0.0.0
  • Mozilla Thunderbird 2.0.0.1
    cpe:2.3:a:mozilla:thunderbird:2.0.0.1
  • Mozilla Thunderbird 2.0.0.2
    cpe:2.3:a:mozilla:thunderbird:2.0.0.2
  • Mozilla Thunderbird 2.0.0.3
    cpe:2.3:a:mozilla:thunderbird:2.0.0.3
  • Mozilla Thunderbird 2.0.0.4
    cpe:2.3:a:mozilla:thunderbird:2.0.0.4
  • Mozilla Thunderbird 2.0.0.5
    cpe:2.3:a:mozilla:thunderbird:2.0.0.5
  • Mozilla Thunderbird 2.0.0.6
    cpe:2.3:a:mozilla:thunderbird:2.0.0.6
  • Mozilla Thunderbird 2.0.0.7
    cpe:2.3:a:mozilla:thunderbird:2.0.0.7
  • Mozilla Thunderbird 2.0.0.8
    cpe:2.3:a:mozilla:thunderbird:2.0.0.8
  • Mozilla Thunderbird 2.0.0.9
    cpe:2.3:a:mozilla:thunderbird:2.0.0.9
  • Mozilla Thunderbird 2.0.0.11
    cpe:2.3:a:mozilla:thunderbird:2.0.0.11
  • Mozilla Thunderbird 2.0.0.12
    cpe:2.3:a:mozilla:thunderbird:2.0.0.12
  • Mozilla Thunderbird 2.0.0.13
    cpe:2.3:a:mozilla:thunderbird:2.0.0.13
  • Mozilla Thunderbird 2.0.0.14
    cpe:2.3:a:mozilla:thunderbird:2.0.0.14
  • Mozilla Thunderbird 2.0.0.15
    cpe:2.3:a:mozilla:thunderbird:2.0.0.15
  • Mozilla Thunderbird 2.0.0.16
    cpe:2.3:a:mozilla:thunderbird:2.0.0.16
  • Mozilla Thunderbird 2.0.0.17
    cpe:2.3:a:mozilla:thunderbird:2.0.0.17
  • Mozilla Thunderbird 2.0.0.18
    cpe:2.3:a:mozilla:thunderbird:2.0.0.18
  • Mozilla Thunderbird 2.0.0.19
    cpe:2.3:a:mozilla:thunderbird:2.0.0.19
  • Mozilla Thunderbird 2.0.0.20
    cpe:2.3:a:mozilla:thunderbird:2.0.0.20
  • Mozilla Thunderbird 2.0.0.21
    cpe:2.3:a:mozilla:thunderbird:2.0.0.21
CVSS
Base: 10.0 (as of 22-07-2009 - 15:23)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090723_SEAMONKEY_ON_SL4_X.NASL
    description CVE-2009-2462 Mozilla Browser engine crashes CVE-2009-2463 Mozilla Base64 decoding crash CVE-2009-2466 Mozilla JavaScript engine crashes Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. SRPM seamonkey-1.0.9-45.el4_8.src.rpm
    last seen 2019-02-21
    modified 2016-12-14
    plugin id 60620
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60620
    title Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64 (fwd)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0154.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing trusted content or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3076) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 45093
    published 2010-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45093
    title CentOS 4 : thunderbird (CESA-2010:0154)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090722_SEAMONKEY_ON_SL4_X.NASL
    description CVE-2009-2462 Mozilla Browser engine crashes CVE-2009-2463 Mozilla Base64 decoding crash CVE-2009-2466 Mozilla JavaScript engine crashes Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. SRPM seamonkey-1.0.9-45.el4_8.src.rpm
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 62809
    published 2012-11-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62809
    title Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64 (fwd)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0153.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing trusted content or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3076) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 45361
    published 2010-03-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45361
    title CentOS 5 : thunderbird (CESA-2010:0153)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090728_SEAMONKEY_ON_SL3_0.NASL
    description CVE-2009-2462 Mozilla Browser engine crashes CVE-2009-2463 Mozilla Base64 decoding crash CVE-2009-2466 Mozilla JavaScript engine crashes Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. SRPM
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60626
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60626
    title Scientific Linux Security Update : seamonkey on SL3.0.9 i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0154.NASL
    description From Red Hat Security Advisory 2010:0154 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing trusted content or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3076) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68015
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68015
    title Oracle Linux 4 : thunderbird (ELSA-2010-0154)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100317_THUNDERBIRD_ON_SL4_X.NASL
    description Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing trusted content or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3076) All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60750
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60750
    title Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1163.NASL
    description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 40341
    published 2009-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40341
    title RHEL 3 / 4 : seamonkey (RHSA-2009:1163)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0153.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing trusted content or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3076) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 63923
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63923
    title RHEL 5 : thunderbird (RHSA-2010:0153)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0154.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing trusted content or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3076) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 46271
    published 2010-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46271
    title RHEL 4 : thunderbird (RHSA-2010:0154)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1163.NASL
    description From Red Hat Security Advisory 2009:1163 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 67894
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67894
    title Oracle Linux 3 / 4 : seamonkey (ELSA-2009-1163)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1162.NASL
    description From Red Hat Security Advisory 2009:1162 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2467, CVE-2009-2469, CVE-2009-2471) Several flaws were found in the way Firefox handles malformed JavaScript code. A website containing malicious content could launch a cross-site scripting (XSS) attack or execute arbitrary JavaScript with the permissions of another website. (CVE-2009-2472) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.12. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.12, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 67893
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67893
    title Oracle Linux 4 / 5 : firefox (ELSA-2009-1162)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-071.NASL
    description Multiple vulnerabilities has been found and corrected in mozilla-thunderbird : Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing (CVE-2009-0689). Integer overflow in a base64 decoding function in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors (CVE-2009-2463). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3072). Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3075). Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a dangling pointer vulnerability. (CVE-2009-3077) Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file (CVE-2009-3376). Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user (CVE-2009-3983). Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing (CVE-2010-0163). This update provides the latest version of Thunderbird which are not vulnerable to these issues. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. Additionally, some packages which require so, have been rebuilt and are being provided as updates.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 45521
    published 2010-04-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45521
    title Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:071)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201301-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 63402
    published 2013-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63402
    title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-7961.NASL
    description Update to new upstream Firefox version 3.0.12, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox30.html#firefox3.0.12 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 40358
    published 2009-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40358
    title Fedora 10 : Miro-2.0.5-2.fc10 / blam-1.8.5-12.fc10 / devhelp-0.22-10.fc10 / epiphany-2.24.3-8.fc10 / etc (2009-7961)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1163.NASL
    description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 40345
    published 2009-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40345
    title CentOS 3 : seamonkey (CESA-2009:1163)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090723_FIREFOX_ON_SL4_X.NASL
    description Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2467, CVE-2009-2469, CVE-2009-2471) Several flaws were found in the way Firefox handles malformed JavaScript code. A website containing malicious content could launch a cross-site scripting (XSS) attack or execute arbitrary JavaScript with the permissions of another website. (CVE-2009-2472)
    last seen 2019-02-21
    modified 2016-12-14
    plugin id 60618
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60618
    title Scientific Linux Security Update : firefox on SL4.x i386/x86_64
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-182.NASL
    description Security vulnerabilities have been discovered and corrected in Mozilla Firefox 3.0.x : Several flaws were discovered in the Firefox browser and JavaScript engines, which could allow a malicious website to cause a denial of service or possibly execute arbitrary code with user privileges. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2468, CVE-2009-2471) Attila Suszter discovered a flaw in the way Firefox processed Flash content, which could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2467) It was discovered that Firefox did not properly handle some SVG content, which could lead to a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2469) A flaw was discovered in the JavaScript engine which could be used to perform cross-site scripting attacks. (CVE-2009-2472) This update provides the latest Mozilla Firefox 3.0.x to correct these issues. Additionally, some packages which require so, have been rebuilt and are being provided as updates.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 40438
    published 2009-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40438
    title Mandriva Linux Security Advisory : firefox (MDVSA-2009:182)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_3012.NASL
    description The installed version of Firefox is earlier than 3.0.12. Such versions are potentially affected by the following security issues : - Multiple memory corruption vulnerabilities could potentially be exploited to execute arbitrary code. (MFSA 2009-34) - It may be possible to crash the browser or potentially execute arbitrary code by using a flash object that presents a slow script dialog. (MFSA 2009-35) - Glyph rendering libraries are affected by multiple heap/ integer overflows. (MFSA 2009-36) - A vulnerability involving SVG element could be exploited to crash the browser or execute arbitrary code on the remote system. (MFSA 2009-37) - A SOCKS5 proxy that replies with a hostname containing more than 15 characters can corrupt the subsequent data stream. This can lead to a denial of service, though there is reportedly no memory corruption. (MFSA 2009-38) - A vulnerability in 'setTimeout' could allow unsafe access to the 'this' object from chrome code. An attacker could exploit this flaw to run arbitrary JavaScript with chrome privileges. (MFSA 2009-39) - It may be possible for JavaScript from one website to bypass cross origin wrapper, and unsafely access properties of an object from another website. (MFSA 2009-40)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 40351
    published 2009-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40351
    title Firefox < 3.0.12 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_MOZILLAFIREFOX-090724.NASL
    description The Mozilla Firefox 3.0.12 release fixes various bugs and some critical security issues. - Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2009-34 / CVE-2009-2462 / CVE-2009-2463 / CVE-2009-2464 / CVE-2009-2465 / CVE-2009-2466) - Security researcher Attila Suszter reported that when a page contains a Flash object which presents a slow script dialog, and the page is navigated while the dialog is still visible to the user, the Flash plugin is unloaded resulting in a crash due to a call to the deleted object. This crash could potentially be used by an attacker to run arbitrary code on a victim's computer. (MFSA 2009-35 / CVE-2009-2467) - oCERT security researcher Will Drewry reported a series of heap and integer overflow vulnerabilities which independently affected multiple font glyph rendering libraries. On Linux platforms libpango was susceptible to the vulnerabilities while on OS X CoreGraphics was similarly vulnerable. An attacker could trigger these overflows by constructing a very large text run for the browser to display. Such an overflow can result in a crash which the attacker could potentially use to run arbitrary code on a victim's computer. The open source nature of Linux meant that Mozilla was able to work with the libpango maintainers to implement the correct fix in version 1.24 of that system library which was distributed with OS security updates. On Mac OS X Firefox works around the CoreGraphics flaw by limiting the length of text runs passed to the system. (MFSA 2009-36 / CVE-2009-1194) - Security researcher PenPal reported a crash involving a SVG element on which a watch function and __defineSetter__ function have been set for a particular property. The crash showed evidence of memory corruption and could potentially be used by an attacker to run arbitrary code on a victim's computer. (MFSA 2009-37 / CVE-2009-2469) - Mozilla developer Blake Kaplan reported that setTimeout, when called with certain object parameters which should be protected with a XPCNativeWrapper, will fail to keep the object wrapped when compiling the new function to be executed. If chrome privileged code were to call setTimeout using this as an argument, the this object will lose its wrapper and could be unsafely accessed by chrome code. An attacker could use such vulnerable code to run arbitrary JavaScript with chrome privileges. (MFSA 2009-39 / CVE-2009-2471) - Mozilla security researcher moz_bug_r_a4 reported a series of vulnerabilities in which objects that normally receive a XPCCrossOriginWrapper are constructed without the wrapper. This can lead to cases where JavaScript from one website may unsafely access properties of such an object which had been set by a different website. A malicious website could use this vulnerability to launch a XSS attack and run arbitrary JavaScript within the context of another site. (MFSA 2009-40 / CVE-2009-2472)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 41357
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41357
    title SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 1134)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_MOZILLAFIREFOX-090724.NASL
    description The MozillaFirefox 3.0.12 release fixes various bugs and some critical security issues. MFSA 2009-34 / CVE-2009-2462 / CVE-2009-2463 / CVE-2009-2464 / CVE-2009-2465 / CVE-2009-2466: Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2009-35 / CVE-2009-2467: Security researcher Attila Suszter reported that when a page contains a Flash object which presents a slow script dialog, and the page is navigated while the dialog is still visible to the user, the Flash plugin is unloaded resulting in a crash due to a call to the deleted object. This crash could potentially be used by an attacker to run arbitrary code on a victim's computer. MFSA 2009-36 / CVE-2009-1194: oCERT security researcher Will Drewry reported a series of heap and integer overflow vulnerabilities which independently affected multiple font glyph rendering libraries. On Linux platforms libpango was susceptible to the vulnerabilities while on OS X CoreGraphics was similarly vulnerable. An attacker could trigger these overflows by constructing a very large text run for the browser to display. Such an overflow can result in a crash which the attacker could potentially use to run arbitrary code on a victim's computer. The open-source nature of Linux meant that Mozilla was able to work with the libpango maintainers to implement the correct fix in version 1.24 of that system library which was distributed with OS security updates. On Mac OS X Firefox works around the CoreGraphics flaw by limiting the length of text runs passed to the system. MFSA 2009-37 / CVE-2009-2469: Security researcher PenPal reported a crash involving a SVG element on which a watch function and __defineSetter__ function have been set for a particular property. The crash showed evidence of memory corruption and could potentially be used by an attacker to run arbitrary code on a victim's computer. MFSA 2009-39 / CVE-2009-2471: Mozilla developer Blake Kaplan reported that setTimeout, when called with certain object parameters which should be protected with a XPCNativeWrapper, will fail to keep the object wrapped when compiling the new function to be executed. If chrome privileged code were to call setTimeout using this as an argument, the this object will lose its wrapper and could be unsafely accessed by chrome code. An attacker could use such vulnerable code to run arbitrary JavaScript with chrome privileges. MFSA 2009-40 / CVE-2009-2472: Mozilla security researcher moz_bug_r_a4 reported a series of vulnerabilities in which objects that normally receive a XPCCrossOriginWrapper are constructed without the wrapper. This can lead to cases where JavaScript from one website may unsafely access properties of such an object which had been set by a different website. A malicious website could use this vulnerability to launch a XSS attack and run arbitrary JavaScript within the context of another site.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40404
    published 2009-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40404
    title openSUSE Security Update : MozillaFirefox (MozillaFirefox-1135)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090722_FIREFOX_ON_SL4_X.NASL
    description Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2467, CVE-2009-2469, CVE-2009-2471) Several flaws were found in the way Firefox handles malformed JavaScript code. A website containing malicious content could launch a cross-site scripting (XSS) attack or execute arbitrary JavaScript with the permissions of another website. (CVE-2009-2472)
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 62808
    published 2012-11-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62808
    title Scientific Linux Security Update : firefox on SL4.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1840.NASL
    description Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2462 Martijn Wargers, Arno Renevier, Jesse Ruderman, Olli Pettay and Blake Kaplan discovered several issues in the browser engine that could potentially lead to the execution of arbitrary code. (MFSA 2009-34) - CVE-2009-2463 monarch2020 reported an integer overflow in a base64 decoding function. (MFSA 2009-34) - CVE-2009-2464 Christophe Charron reported a possibly exploitable crash occurring when multiple RDF files were loaded in a XUL tree element. (MFSA 2009-34) - CVE-2009-2465 Yongqian Li reported that an unsafe memory condition could be created by specially crafted document. (MFSA 2009-34) - CVE-2009-2466 Peter Van der Beken, Mike Shaver, Jesse Ruderman, and Carsten Book discovered several issues in the JavaScript engine that could possibly lead to the execution of arbitrary JavaScript. (MFSA 2009-34) - CVE-2009-2467 Attila Suszter discovered an issue related to a specially crafted Flash object, which could be used to run arbitrary code. (MFSA 2009-35) - CVE-2009-2469 PenPal discovered that it is possible to execute arbitrary code via a specially crafted SVG element. (MFSA 2009-37) - CVE-2009-2471 Blake Kaplan discovered a flaw in the JavaScript engine that might allow an attacker to execute arbitrary JavaScript with chrome privileges. (MFSA 2009-39) - CVE-2009-2472 moz_bug_r_a4 discovered an issue in the JavaScript engine that could be used to perform cross-site scripting attacks. (MFSA 2009-40)
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 44705
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44705
    title Debian DSA-1840-1 : xulrunner - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_MOZILLAFIREFOX-090724.NASL
    description The MozillaFirefox 3.0.12 release fixes various bugs and some critical security issues. MFSA 2009-34 / CVE-2009-2462 / CVE-2009-2463 / CVE-2009-2464 / CVE-2009-2465 / CVE-2009-2466: Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2009-35 / CVE-2009-2467: Security researcher Attila Suszter reported that when a page contains a Flash object which presents a slow script dialog, and the page is navigated while the dialog is still visible to the user, the Flash plugin is unloaded resulting in a crash due to a call to the deleted object. This crash could potentially be used by an attacker to run arbitrary code on a victim's computer. MFSA 2009-36 / CVE-2009-1194: oCERT security researcher Will Drewry reported a series of heap and integer overflow vulnerabilities which independently affected multiple font glyph rendering libraries. On Linux platforms libpango was susceptible to the vulnerabilities while on OS X CoreGraphics was similarly vulnerable. An attacker could trigger these overflows by constructing a very large text run for the browser to display. Such an overflow can result in a crash which the attacker could potentially use to run arbitrary code on a victim's computer. The open-source nature of Linux meant that Mozilla was able to work with the libpango maintainers to implement the correct fix in version 1.24 of that system library which was distributed with OS security updates. On Mac OS X Firefox works around the CoreGraphics flaw by limiting the length of text runs passed to the system. MFSA 2009-37 / CVE-2009-2469: Security researcher PenPal reported a crash involving a SVG element on which a watch function and __defineSetter__ function have been set for a particular property. The crash showed evidence of memory corruption and could potentially be used by an attacker to run arbitrary code on a victim's computer. MFSA 2009-39 / CVE-2009-2471: Mozilla developer Blake Kaplan reported that setTimeout, when called with certain object parameters which should be protected with a XPCNativeWrapper, will fail to keep the object wrapped when compiling the new function to be executed. If chrome privileged code were to call setTimeout using this as an argument, the this object will lose its wrapper and could be unsafely accessed by chrome code. An attacker could use such vulnerable code to run arbitrary JavaScript with chrome privileges. MFSA 2009-40 / CVE-2009-2472: Mozilla security researcher moz_bug_r_a4 reported a series of vulnerabilities in which objects that normally receive a XPCCrossOriginWrapper are constructed without the wrapper. This can lead to cases where JavaScript from one website may unsafely access properties of such an object which had been set by a different website. A malicious website could use this vulnerability to launch a XSS attack and run arbitrary JavaScript within the context of another site.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40403
    published 2009-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40403
    title openSUSE Security Update : MozillaFirefox (MozillaFirefox-1135)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090723_FIREFOX_ON_SL5_X.NASL
    description Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2467, CVE-2009-2469, CVE-2009-2471) Several flaws were found in the way Firefox handles malformed JavaScript code. A website containing malicious content could launch a cross-site scripting (XSS) attack or execute arbitrary JavaScript with the permissions of another website. (CVE-2009-2472)
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60619
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60619
    title Scientific Linux Security Update : firefox on SL5.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1162.NASL
    description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2467, CVE-2009-2469, CVE-2009-2471) Several flaws were found in the way Firefox handles malformed JavaScript code. A website containing malicious content could launch a cross-site scripting (XSS) attack or execute arbitrary JavaScript with the permissions of another website. (CVE-2009-2472) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.12. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.12, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43769
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43769
    title CentOS 5 : firefox (CESA-2009:1162)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-798-1.NASL
    description Several flaws were discovered in the Firefox browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2469) Attila Suszter discovered a flaw in the way Firefox processed Flash content. If a user were tricked into viewing and navigating within a specially crafted Flash object, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2467) It was discovered that Firefox did not properly handle some SVG content. An attacker could exploit this to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2469) A flaw was discovered in the JavaScript engine. If a user were tricked into viewing a malicious website, an attacker could exploit this perform cross-site scripting attacks. (CVE-2009-2472). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 40348
    published 2009-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40348
    title Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-798-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-6379.NASL
    description The MozillaFirefox 3.0.12 release fixes various bugs and some critical security issues. MFSA 2009-34 / CVE-2009-2462 / CVE-2009-2463 / CVE-2009-2464 / CVE-2009-2465 / CVE-2009-2466: Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2009-35 / CVE-2009-2467: Security researcher Attila Suszter reported that when a page contains a Flash object which presents a slow script dialog, and the page is navigated while the dialog is still visible to the user, the Flash plugin is unloaded resulting in a crash due to a call to the deleted object. This crash could potentially be used by an attacker to run arbitrary code on a victim's computer. MFSA 2009-36 / CVE-2009-1194: oCERT security researcher Will Drewry reported a series of heap and integer overflow vulnerabilities which independently affected multiple font glyph rendering libraries. On Linux platforms libpango was susceptible to the vulnerabilities while on OS X CoreGraphics was similarly vulnerable. An attacker could trigger these overflows by constructing a very large text run for the browser to display. Such an overflow can result in a crash which the attacker could potentially use to run arbitrary code on a victim's computer. The open-source nature of Linux meant that Mozilla was able to work with the libpango maintainers to implement the correct fix in version 1.24 of that system library which was distributed with OS security updates. On Mac OS X Firefox works around the CoreGraphics flaw by limiting the length of text runs passed to the system. MFSA 2009-37 / CVE-2009-2469: Security researcher PenPal reported a crash involving a SVG element on which a watch function and __defineSetter__ function have been set for a particular property. The crash showed evidence of memory corruption and could potentially be used by an attacker to run arbitrary code on a victim's computer. MFSA 2009-39 / CVE-2009-2471: Mozilla developer Blake Kaplan reported that setTimeout, when called with certain object parameters which should be protected with a XPCNativeWrapper, will fail to keep the object wrapped when compiling the new function to be executed. If chrome privileged code were to call setTimeout using this as an argument, the this object will lose its wrapper and could be unsafely accessed by chrome code. An attacker could use such vulnerable code to run arbitrary JavaScript with chrome privileges. MFSA 2009-40 / CVE-2009-2472: Mozilla security researcher moz_bug_r_a4 reported a series of vulnerabilities in which objects that normally receive a XPCCrossOriginWrapper are constructed without the wrapper. This can lead to cases where JavaScript from one website may unsafely access properties of such an object which had been set by a different website. A malicious website could use this vulnerability to launch a XSS attack and run arbitrary JavaScript within the context of another site.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 41983
    published 2009-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41983
    title openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-6379)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1162.NASL
    description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2467, CVE-2009-2469, CVE-2009-2471) Several flaws were found in the way Firefox handles malformed JavaScript code. A website containing malicious content could launch a cross-site scripting (XSS) attack or execute arbitrary JavaScript with the permissions of another website. (CVE-2009-2472) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.12. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.12, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 40340
    published 2009-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40340
    title RHEL 4 / 5 : firefox (RHSA-2009:1162)
oval via4
accepted 2013-04-29T04:09:53.289-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description and (10) nsContentUtils::ComparePosition.
family unix
id oval:org.mitre.oval:def:10906
status accepted
submitted 2010-07-09T03:56:16-04:00
title and (10) nsContentUtils::ComparePosition.
version 24
redhat via4
advisories
  • rhsa
    id RHSA-2009:1162
  • rhsa
    id RHSA-2009:1163
  • rhsa
    id RHSA-2010:0153
  • rhsa
    id RHSA-2010:0154
rpms
  • firefox-0:3.0.12-1.el4
  • xulrunner-0:1.9.0.12-1.el5_3
  • xulrunner-devel-0:1.9.0.12-1.el5_3
  • xulrunner-devel-unstable-0:1.9.0.12-1.el5_3
  • firefox-0:3.0.12-1.el5_3
  • seamonkey-0:1.0.9-0.40.el3
  • seamonkey-chat-0:1.0.9-0.40.el3
  • seamonkey-devel-0:1.0.9-0.40.el3
  • seamonkey-dom-inspector-0:1.0.9-0.40.el3
  • seamonkey-js-debugger-0:1.0.9-0.40.el3
  • seamonkey-mail-0:1.0.9-0.40.el3
  • seamonkey-nspr-0:1.0.9-0.40.el3
  • seamonkey-nspr-devel-0:1.0.9-0.40.el3
  • seamonkey-nss-0:1.0.9-0.40.el3
  • seamonkey-nss-devel-0:1.0.9-0.40.el3
  • seamonkey-0:1.0.9-45.el4_8
  • seamonkey-chat-0:1.0.9-45.el4_8
  • seamonkey-devel-0:1.0.9-45.el4_8
  • seamonkey-dom-inspector-0:1.0.9-45.el4_8
  • seamonkey-js-debugger-0:1.0.9-45.el4_8
  • seamonkey-mail-0:1.0.9-45.el4_8
  • thunderbird-0:2.0.0.24-2.el5_4
  • thunderbird-0:1.5.0.12-25.el4
refmap via4
bid 35758
confirm
fedora FEDORA-2009-7961
secunia
  • 35914
  • 35943
  • 35944
  • 35947
  • 36005
  • 36145
sunalert
  • 1020800
  • 265068
suse
  • SUSE-SA:2009:039
  • SUSE-SA:2009:042
vupen
  • ADV-2009-1972
  • ADV-2009-2152
  • ADV-2010-0650
Last major update 21-08-2010 - 01:33
Published 22-07-2009 - 14:30
Last modified 30-10-2018 - 12:25
Back to Top