CVE-2009-1571

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-1571
Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html
http://secunia.com/advisories/37242 Vendor Advisory
http://secunia.com/advisories/38770
http://secunia.com/advisories/38772
http://secunia.com/advisories/38847
http://secunia.com/secunia_research/2009-45/ Vendor Advisory
http://www.debian.org/security/2010/dsa-1999
http://www.mandriva.com/security/advisories?name=MDVSA-2010:042
http://www.mandriva.com/security/advisories?name=MDVSA-2010:051
http://www.mozilla.org/security/announce/2010/mfsa2010-03.html Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0112.html
http://www.redhat.com/support/errata/RHSA-2010-0113.html
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.redhat.com/support/errata/RHSA-2010-0154.html
http://www.securityfocus.com/archive/1/509585/100/0/threaded
http://www.ubuntu.com/usn/USN-895-1
http://www.ubuntu.com/usn/USN-896-1
http://www.vupen.com/english/advisories/2010/0405 Vendor Advisory
http://www.vupen.com/english/advisories/2010/0650
https://bugzilla.mozilla.org/show_bug.cgi?id=526500
https://exchange.xforce.ibmcloud.com/vulnerabilities/56361
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11227
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8615
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html
http://secunia.com/advisories/37242 Vendor Advisory
http://secunia.com/advisories/38770
http://secunia.com/advisories/38772
http://secunia.com/advisories/38847
http://secunia.com/secunia_research/2009-45/ Vendor Advisory
http://www.debian.org/security/2010/dsa-1999
http://www.mandriva.com/security/advisories?name=MDVSA-2010:042
http://www.mandriva.com/security/advisories?name=MDVSA-2010:051
http://www.mozilla.org/security/announce/2010/mfsa2010-03.html Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0112.html
http://www.redhat.com/support/errata/RHSA-2010-0113.html
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.redhat.com/support/errata/RHSA-2010-0154.html
http://www.securityfocus.com/archive/1/509585/100/0/threaded
http://www.ubuntu.com/usn/USN-895-1
http://www.ubuntu.com/usn/USN-896-1
http://www.vupen.com/english/advisories/2010/0405 Vendor Advisory
http://www.vupen.com/english/advisories/2010/0650
https://bugzilla.mozilla.org/show_bug.cgi?id=526500
https://exchange.xforce.ibmcloud.com/vulnerabilities/56361
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11227
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8615
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
History

21 Nov 2024, 01:02

Type Values Removed Values Added
References () http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html - () http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html - () http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html - () http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html - () http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html - () http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html -
References () http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html - () http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html -
References () http://secunia.com/advisories/37242 - Vendor Advisory () http://secunia.com/advisories/37242 - Vendor Advisory
References () http://secunia.com/advisories/38770 - () http://secunia.com/advisories/38770 -
References () http://secunia.com/advisories/38772 - () http://secunia.com/advisories/38772 -
References () http://secunia.com/advisories/38847 - () http://secunia.com/advisories/38847 -
References () http://secunia.com/secunia_research/2009-45/ - Vendor Advisory () http://secunia.com/secunia_research/2009-45/ - Vendor Advisory
References () http://www.debian.org/security/2010/dsa-1999 - () http://www.debian.org/security/2010/dsa-1999 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2010:042 - () http://www.mandriva.com/security/advisories?name=MDVSA-2010:042 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2010:051 - () http://www.mandriva.com/security/advisories?name=MDVSA-2010:051 -
References () http://www.mozilla.org/security/announce/2010/mfsa2010-03.html - Vendor Advisory () http://www.mozilla.org/security/announce/2010/mfsa2010-03.html - Vendor Advisory
References () http://www.redhat.com/support/errata/RHSA-2010-0112.html - () http://www.redhat.com/support/errata/RHSA-2010-0112.html -
References () http://www.redhat.com/support/errata/RHSA-2010-0113.html - () http://www.redhat.com/support/errata/RHSA-2010-0113.html -
References () http://www.redhat.com/support/errata/RHSA-2010-0153.html - () http://www.redhat.com/support/errata/RHSA-2010-0153.html -
References () http://www.redhat.com/support/errata/RHSA-2010-0154.html - () http://www.redhat.com/support/errata/RHSA-2010-0154.html -
References () http://www.securityfocus.com/archive/1/509585/100/0/threaded - () http://www.securityfocus.com/archive/1/509585/100/0/threaded -
References () http://www.ubuntu.com/usn/USN-895-1 - () http://www.ubuntu.com/usn/USN-895-1 -
References () http://www.ubuntu.com/usn/USN-896-1 - () http://www.ubuntu.com/usn/USN-896-1 -
References () http://www.vupen.com/english/advisories/2010/0405 - Vendor Advisory () http://www.vupen.com/english/advisories/2010/0405 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2010/0650 - () http://www.vupen.com/english/advisories/2010/0650 -
References () https://bugzilla.mozilla.org/show_bug.cgi?id=526500 - () https://bugzilla.mozilla.org/show_bug.cgi?id=526500 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/56361 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/56361 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11227 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11227 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8615 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8615 -
Information

Published : 2010-02-22 13:00

Updated : 2025-04-11 00:51

NVD link : CVE-2009-1571

Mitre link : CVE-2009-1571

CVE.ORG link : CVE-2009-1571

JSON object : View

Products Affected

mozilla

  • seamonkey
  • firefox
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')