CVE-2009-1304

Advisory lineage Upstream: 0 Downstream: 3
Modified
Published: 22 Apr 2009, 18:00
Last modified:07 Aug 2024, 05:04

Vulnerability Summary

Overall Risk (default)
medium
31/100
CVSS Score
5 MEDIUM
v2.0 (nvd)
EPSS Score
6.66% LOW
7% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
2 found
Dark Web
Not detected

Timeline

22 Apr 2009, 18:00
Published
Vulnerability first disclosed
07 Aug 2024, 05:04
Last Modified
Vulnerability information updated

Description

The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration.

CVSS Metrics

  • v2.0MEDIUMScore: 5AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 6.66% Percentile: 91%

Techniques & Countermeasures

  • CWE-399Resource Management Errors

    Weaknesses in this category are related to improper management of system resources.

Affected Systems

  • mozillafirefox

    3.0 | 3.0.1 | 3.0.2 | 3.0.3 | 3.0.4 | 3.0.5 | 3.0.6 | 3.0.7 | 3.0.8

  • mozillaseamonkey

    ≤ 1.1.13 | 1.0 | 1.0.1 | 1.0.2 | 1.0.3 | 1.0.5 | 1.0.6 | 1.0.7 | 1.0.8 | 1.0.9 | 1.1 | 1.1:alpha | 1.1:beta | 1.1.1 | 1.1.2 | 1.1.3 | 1.1.4 | 1.1.5 | 1.1.6 | 1.1.7 | 1.1.8 | 1.1.9 | 1.1.10 | 1.1.11 | 1.1.12 | 1.1.14 | 1.1.15

  • mozillathunderbird

    ≤ 2.0.0.19 | 1.0 | 1.0.1 | 1.0.2 | 1.0.3 | 1.0.4 | 1.0.5 | 1.0.5:beta | 1.0.6 | 1.0.7 | 1.0.8 | 1.5 | 1.5:beta2 | 1.5.0.1 | 1.5.0.2 | 1.5.0.3 | 1.5.0.4 | 1.5.0.5 | 1.5.0.6 | 1.5.0.7 | 1.5.0.8 | 1.5.0.9 | 1.5.0.10 | 1.5.0.11 | 1.5.0.12 | 1.5.0.13 | 1.5.0.14 | 1.5.1 | 1.5.2 | 2.0.0.0 | 2.0.0.4 | 2.0.0.5 | 2.0.0.6 | 2.0.0.9 | 2.0.0.12 | 2.0.0.14 | 2.0.0.16 | 2.0.0.17 | 2.0.0.18 | 2.0.0.20 | 2.0.0.21

References (27)