[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247621

 
 

909

 
 

194512

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-1313Date: (C)2009-04-30   (M)2023-12-22


The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1022126
SECTRACK-1022127
BID-34743
SECUNIA-34851
SECUNIA-34866
SECUNIA-34910
SECUNIA-34919
ADV-2009-1180
MDVSA-2009:111
RHSA-2009:0449
SSA:2009-118-01
USN-765-1
http://www.mozilla.org/security/announce/2009/mfsa2009-23.html
https://bugzilla.mozilla.org/show_bug.cgi?id=489647
https://bugzilla.mozilla.org/show_bug.cgi?id=489676
https://bugzilla.mozilla.org/show_bug.cgi?id=490233
https://bugzilla.redhat.com/show_bug.cgi?id=497447
oval:org.mitre.oval:def:10446

CPE    1
cpe:/a:mozilla:firefox:3.0.9
CWE    1
CWE-399
OVAL    47
oval:org.secpod.oval:def:300932
oval:org.secpod.oval:def:102028
oval:org.secpod.oval:def:202114
oval:org.secpod.oval:def:102266
...

© SecPod Technologies