ID CVE-2009-3389
Summary Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.
References
Vulnerable Configurations
  • Mozilla Firefox 3.5.1
    cpe:2.3:a:mozilla:firefox:3.5.1
  • Mozilla Firefox 3.5.2
    cpe:2.3:a:mozilla:firefox:3.5.2
  • Mozilla Firefox 3.5.3
    cpe:2.3:a:mozilla:firefox:3.5.3
  • Mozilla Firefox 3.5.4
    cpe:2.3:a:mozilla:firefox:3.5.4
  • Mozilla Firefox 3.5.5
    cpe:2.3:a:mozilla:firefox:3.5.5
  • Mozilla SeaMonkey 1.0.8
    cpe:2.3:a:mozilla:seamonkey:1.0.8
  • Mozilla SeaMonkey 1.0.7
    cpe:2.3:a:mozilla:seamonkey:1.0.7
  • Mozilla SeaMonkey 1.0.6
    cpe:2.3:a:mozilla:seamonkey:1.0.6
  • Mozilla SeaMonkey 1.0.1
    cpe:2.3:a:mozilla:seamonkey:1.0.1
  • Mozilla SeaMonkey 1.0
    cpe:2.3:a:mozilla:seamonkey:1.0
  • Mozilla SeaMonkey 1.0.5
    cpe:2.3:a:mozilla:seamonkey:1.0.5
  • Mozilla SeaMonkey 1.0.4
    cpe:2.3:a:mozilla:seamonkey:1.0.4
  • Mozilla SeaMonkey 1.0.3
    cpe:2.3:a:mozilla:seamonkey:1.0.3
  • Mozilla SeaMonkey 1.0.2
    cpe:2.3:a:mozilla:seamonkey:1.0.2
  • Mozilla SeaMonkey 1.0 alpha
    cpe:2.3:a:mozilla:seamonkey:1.0:alpha
  • Mozilla SeaMonkey 1.0 beta
    cpe:2.3:a:mozilla:seamonkey:1.0:beta
  • Mozilla SeaMonkey 1.1
    cpe:2.3:a:mozilla:seamonkey:1.1
  • Mozilla Seamonkey 1.1.1
    cpe:2.3:a:mozilla:seamonkey:1.1.1
  • Mozilla SeaMonkey 1.1.10
    cpe:2.3:a:mozilla:seamonkey:1.1.10
  • cpe:2.3:a:mozilla:seamonkey:1.0.99
    cpe:2.3:a:mozilla:seamonkey:1.0.99
  • Mozilla SeaMonkey 1.0.9
    cpe:2.3:a:mozilla:seamonkey:1.0.9
  • Mozilla SeaMonkey 1.1.14
    cpe:2.3:a:mozilla:seamonkey:1.1.14
  • Mozilla SeaMonkey 1.1.12
    cpe:2.3:a:mozilla:seamonkey:1.1.12
  • Mozilla SeaMonkey 1.1.15
    cpe:2.3:a:mozilla:seamonkey:1.1.15
  • Mozilla Seamonkey 1.1.4
    cpe:2.3:a:mozilla:seamonkey:1.1.4
  • Mozilla SeaMonkey 1.1.16
    cpe:2.3:a:mozilla:seamonkey:1.1.16
  • Mozilla Seamonkey 1.1.3
    cpe:2.3:a:mozilla:seamonkey:1.1.3
  • Mozilla SeaMonkey 1.1.17
    cpe:2.3:a:mozilla:seamonkey:1.1.17
  • Mozilla Seamonkey 1.1.2
    cpe:2.3:a:mozilla:seamonkey:1.1.2
  • Mozilla SeaMonkey 1.1.13
    cpe:2.3:a:mozilla:seamonkey:1.1.13
  • Mozilla SeaMonkey 1.1.11
    cpe:2.3:a:mozilla:seamonkey:1.1.11
  • Mozilla Seamonkey 1.1.6
    cpe:2.3:a:mozilla:seamonkey:1.1.6
  • Mozilla SeaMonkey 1.1.9
    cpe:2.3:a:mozilla:seamonkey:1.1.9
  • Mozilla Seamonkey 1.1.5
    cpe:2.3:a:mozilla:seamonkey:1.1.5
  • Mozilla SeaMonkey 1.1 alpha
    cpe:2.3:a:mozilla:seamonkey:1.1:alpha
  • Mozilla SeaMonkey 1.1.8
    cpe:2.3:a:mozilla:seamonkey:1.1.8
  • Mozilla SeaMonkey 1.1 beta
    cpe:2.3:a:mozilla:seamonkey:1.1:beta
  • Mozilla Seamonkey 1.1.7
    cpe:2.3:a:mozilla:seamonkey:1.1.7
  • Mozilla SeaMonkey 2.0
    cpe:2.3:a:mozilla:seamonkey:2.0
  • Mozilla SeaMonkey 1.5.0.10
    cpe:2.3:a:mozilla:seamonkey:1.5.0.10
  • Mozilla SeaMonkey 2.0 Alpha 2
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2
  • Mozilla SeaMonkey 2.0 Alpha 1
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1
  • Mozilla SeaMonkey 1.5.0.8
    cpe:2.3:a:mozilla:seamonkey:1.5.0.8
  • Mozilla SeaMonkey 1.5.0.9
    cpe:2.3:a:mozilla:seamonkey:1.5.0.9
  • Mozilla SeaMonkey 2.0 RC1
    cpe:2.3:a:mozilla:seamonkey:2.0:rc1
  • Mozilla SeaMonkey 2.0 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_2
  • Mozilla SeaMonkey 2.0 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_1
  • Mozilla SeaMonkey 2.0 Alpha 3
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3
  • cpe:2.3:a:mozilla:seamonkey:2.0a1:-:pre
    cpe:2.3:a:mozilla:seamonkey:2.0a1:-:pre
  • cpe:2.3:a:mozilla:seamonkey:2.0a1pre
    cpe:2.3:a:mozilla:seamonkey:2.0a1pre
  • Mozilla SeaMonkey 2.0 RC2
    cpe:2.3:a:mozilla:seamonkey:2.0:rc2
CVSS
Base: 9.3 (as of 17-12-2009 - 13:02)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-13333.NASL
    description Update to new upstream Firefox version 3.5.6, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.6 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3986 CVE-2009-3388 CVE-2009-3389 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 43334
    published 2009-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43334
    title Fedora 11 : Miro-2.5.2-7.fc11 / blam-1.8.5-17.fc11 / chmsee-1.0.1-14.fc11 / epiphany-2.26.3-7.fc11 / etc (2009-13333)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-13362.NASL
    description Update to new upstream SeaMonkey version 2.0.1, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/seamonkey20.html#seamonkey2.0.1 CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3986 CVE-2009-3388 CVE-2009-3389 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 43336
    published 2009-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43336
    title Fedora 12 : seamonkey-2.0.1-1.fc12 (2009-13362)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_MOZILLAFIREFOX-091217.NASL
    description The Mozilla Firefox was updated to version 3.5.6, fixing lots of bugs and various security issues. The following issues were fixed : - MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982 Crashes with evidence of memory corruption (rv:1.9.1.6) - MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816) Memory safety fixes in liboggplay media library - MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613) Integer overflow, crash in libtheora video library - MFSA 2009-68/CVE-2009-3983 (bmo#487872) NTLM reflection vulnerability - MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities - MFSA 2009-70/CVE-2009-3986 (bmo#522430) Privilege escalation via chrome window.opener
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 43383
    published 2009-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43383
    title openSUSE Security Update : MozillaFirefox (MozillaFirefox-1708)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-6735.NASL
    description The Mozilla Firefox was updated to version 3.5.6, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption (rv:1.9.1.6). (MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3980 / CVE-2009-3982) - (bmo#504843,bmo#523816) Memory safety fixes in liboggplay media library. (MFSA 2009-66 / CVE-2009-3388) - (bmo#515882,bmo#504613) Integer overflow, crash in libtheora video library. (MFSA 2009-67 / CVE-2009-3389) - (bmo#487872) NTLM reflection vulnerability. (MFSA 2009-68 / CVE-2009-3983) - (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities. (MFSA 2009-69 / CVE-2009-3984 / CVE-2009-3985) - (bmo#522430) Privilege escalation via chrome window.opener. (MFSA 2009-70 / CVE-2009-3986)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 49889
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49889
    title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6735)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_LIBTHEORA-100224.NASL
    description An integer overflow was fixed in libtheora. It could be exploited remotely to execute arbitrary code. CVE-2009-3389: CVSS v2 Base Score: 9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C): Numeric Errors (CWE-189)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 45455
    published 2010-04-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45455
    title openSUSE Security Update : libtheora (libtheora-2069)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201312-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-201312-04 (libtheora: Arbitrary code execution) An integer overflow flaw has been discovered in libtheora. Impact : A remote attacker could execute arbitrary code or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 71170
    published 2013-12-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71170
    title GLSA-201312-04 : libtheora: Arbitrary code execution
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_LIBTHEORA-100224.NASL
    description An integer overflow was fixed in libtheora. It could be exploited remotely to execute arbitrary code. CVE-2009-3389: CVSS v2 Base Score: 9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C): Numeric Errors (CWE-189)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 45461
    published 2010-04-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45461
    title openSUSE Security Update : libtheora (libtheora-2069)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-043.NASL
    description A vulnerability have been discovered and corrected in libtheora : Integer overflow in libtheora in Xiph.Org Theora before 1.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions (CVE-2009-3389). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 44673
    published 2010-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44673
    title Mandriva Linux Security Advisory : libtheora (MDVSA-2010:043)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_LIBTHEORA-100225.NASL
    description An integer overflow was fixed in libtheora. It could be exploited remotely to execute arbitrary code. CVE-2009-3389: CVSS v2 Base Score: 9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C): Numeric Errors (CWE-189)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 45467
    published 2010-04-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45467
    title openSUSE Security Update : libtheora (libtheora-2069)
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_301.NASL
    description The installed version of Thunderbird is earlier than 3.0.1. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. (MFSA 2009-65) - Multiple vulnerabilities in 'liboggplay' can lead to arbitrary code execution. (MFSA 2009-66) - An integer overflow in the 'Theora' video library can lead to a crash or the execution of arbitrary code. (MFSA 2009-67)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 44111
    published 2010-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44111
    title Mozilla Thunderbird < 3.0.1 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2045.NASL
    description Bob Clary, Dan Kaminsky and David Keeler discovered that in libtheora, a video library part of the Ogg project, several flaws allow context-dependent attackers via a large and specially crafted media file, to cause a denial of service (crash of the player using this library), and possibly arbitrary code execution.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 46316
    published 2010-05-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46316
    title Debian DSA-2045-1 : libtheora - integer overflow
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_MOZILLAFIREFOX-091217.NASL
    description The Mozilla Firefox was updated to version 3.5.6, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption (rv:1.9.1.6). (MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3980 / CVE-2009-3982) - (bmo#504843,bmo#523816) Memory safety fixes in liboggplay media library. (MFSA 2009-66 / CVE-2009-3388) - (bmo#515882,bmo#504613) Integer overflow, crash in libtheora video library. (MFSA 2009-67 / CVE-2009-3389) - (bmo#487872) NTLM reflection vulnerability. (MFSA 2009-68 / CVE-2009-3983) - (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities. (MFSA 2009-69 / CVE-2009-3984 / CVE-2009-3985) - (bmo#522430) Privilege escalation via chrome window.opener. (MFSA 2009-70 / CVE-2009-3986)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 43386
    published 2009-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43386
    title SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 1709)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBTHEORA-100224.NASL
    description An integer overflow was fixed in libtheora. It could be exploited remotely to execute arbitrary code. CVE-2009-3389: CVSS v2 Base Score: 9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C): Numeric Errors. (CWE-189)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 50944
    published 2010-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50944
    title SuSE 11 Security Update : libtheora (SAT Patch Number 2067)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_MOZILLATHUNDERBIRD-100305.NASL
    description Mozilla Thunderbird was upgraded to version 3.0.3, fixing various bugs and security issues. Following security issues have been fixed: MFSA 2010-01 / CVE-2010-0159: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-03 / CVE-2009-1571: Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called. MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3980 / CVE-2009-3982: Crashes with evidence of memory corruption were fixed. (rv:1.9.1.6) MFSA 2009-66 / CVE-2009-3388 (bmo#504843,bmo#523816): Memory safety fixes in liboggplay media library were added. MFSA 2009-67 / CVE-2009-3389 (bmo#515882,bmo#504613): An Integer overflow, crash in libtheora video library was fixed.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 45034
    published 2010-03-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45034
    title SuSE 11.2 Security Update: MozillaThunderbird (2010-03-05)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1673.NASL
    description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3979) A flaw was found in the SeaMonkey NT Lan Manager (NTLM) authentication protocol implementation. If an attacker could trick a local user that has NTLM credentials into visiting a specially crafted web page, they could send arbitrary requests, authenticated with the user's NTLM credentials, to other applications on the user's system. (CVE-2009-3983) A flaw was found in the way SeaMonkey displayed the SSL location bar indicator. An attacker could create an unencrypted web page that appears to be encrypted, possibly tricking the user into believing they are visiting a secure page. (CVE-2009-3984) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 43170
    published 2009-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43170
    title RHEL 3 / 4 : seamonkey (RHSA-2009:1673)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1673.NASL
    description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3979) A flaw was found in the SeaMonkey NT Lan Manager (NTLM) authentication protocol implementation. If an attacker could trick a local user that has NTLM credentials into visiting a specially crafted web page, they could send arbitrary requests, authenticated with the user's NTLM credentials, to other applications on the user's system. (CVE-2009-3983) A flaw was found in the way SeaMonkey displayed the SSL location bar indicator. An attacker could create an unencrypted web page that appears to be encrypted, possibly tricking the user into believing they are visiting a secure page. (CVE-2009-3984) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id