[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-1571Date: (C)2010-02-22   (M)2024-03-27


Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
http://www.securityfocus.com/archive/1/archive/1/509585/100/0/threaded
SECUNIA-37242
SECUNIA-38770
SECUNIA-38772
SECUNIA-38847
ADV-2010-0405
ADV-2010-0650
DSA-1999
FEDORA-2010-1727
FEDORA-2010-1932
FEDORA-2010-1936
FEDORA-2010-3230
FEDORA-2010-3267
MDVSA-2010:042
MDVSA-2010:051
RHSA-2010:0112
RHSA-2010:0113
RHSA-2010:0153
RHSA-2010:0154
SUSE-SA:2010:015
USN-895-1
USN-896-1
http://secunia.com/secunia_research/2009-45/
http://www.mozilla.org/security/announce/2010/mfsa2010-03.html
https://bugzilla.mozilla.org/show_bug.cgi?id=526500
mozilla-htmlparser-code-exec(56361)
oval:org.mitre.oval:def:11227
oval:org.mitre.oval:def:8615

CPE    64
cpe:/a:mozilla:firefox:3.5.7
cpe:/a:mozilla:firefox:3.5.5
cpe:/a:mozilla:firefox:3.5.6
cpe:/a:mozilla:firefox:3.5.3
...
CWE    1
CWE-94
OVAL    58
oval:org.secpod.oval:def:200069
oval:org.secpod.oval:def:200043
oval:org.secpod.oval:def:200010
oval:org.secpod.oval:def:100003
...

© SecPod Technologies