CVE-2009-2478 - Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference a

CVE-2009-2478

Summary

Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors, related to a "flash bug."

References

https://bugzilla.mozilla.org/show_bug.cgi?id=502648
https://bugzilla.mozilla.org/show_bug.cgi?id=503286
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00909.html

Vulnerable Configurations

cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 07-08-2009 - 05:22)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

confirm	https://bugzilla.mozilla.org/show_bug.cgi?id=502648 https://bugzilla.mozilla.org/show_bug.cgi?id=503286
fedora	FEDORA-2009-7898

Last major update

07-08-2009 - 05:22

Published

16-07-2009 - 15:30

Last modified

07-08-2009 - 05:22