CVE-2009-3072
Vulnerability Summary
Timeline
Description
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors.
CVSS Metrics
- v2.0•HIGH•Score: 10AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 4.75%• Percentile: 90%
Affected Systems
- mozilla•firefox
≤ 3.0.13 | 0.1 | 0.2 | 0.3 | 0.4 | 0.5 | 0.6 | 0.6.1 | 0.7 | 0.7.1 | 0.8 | 0.9 | 0.9:rc | 0.9.1 | 0.9.2 | 0.9.3 | 0.9_rc | 0.10 | 0.10.1 | 1.0 | 1.0:preview_release | 1.0.1 | 1.0.2 | 1.0.3 | 1.0.4 | 1.0.5 | 1.0.6 | 1.0.7 | 1.0.8 | 1.4.1 | 1.5 | 1.5:beta1 | 1.5:beta2 | 1.5.0.1 | 1.5.0.2 | 1.5.0.3 | 1.5.0.4 | 1.5.0.5 | 1.5.0.6 | 1.5.0.7 | 1.5.0.8 | 1.5.0.9 | 1.5.0.10 | 1.5.0.11 | 1.5.0.12 | 1.5.1 | 1.5.2 | 1.5.3 | 1.5.4 | 1.5.5 | 1.5.6 | 1.5.7 | 1.5.8 | 1.8 | 2.0 | 2.0:beta_1 | 2.0:beta1 | 2.0:rc2 | 2.0:rc3 | 2.0.0.1 | 2.0.0.2 | 2.0.0.3 | 2.0.0.4 | 2.0.0.5 | 2.0.0.6 | 2.0.0.7 | 2.0.0.8 | 2.0.0.9 | 2.0.0.10 | 2.0.0.11 | 2.0.0.12 | 2.0.0.13 | 2.0.0.14 | 2.0.0.15 | 2.0.0.16 | 2.0.0.17 | 2.0.0.18 | 2.0.0.19 | 2.0.0.20 | 2.0.0.21 | 2.0_.1 | 2.0_.4 | 2.0_.5 | 2.0_.6 | 2.0_.7 | 2.0_.9 | 2.0_.10 | 2.0_8 | 3.0 | 3.0:alpha | 3.0:beta2 | 3.0:beta5 | 3.0.1 | 3.0.2 | 3.0.3 | 3.0.4 | 3.0.5 | 3.0.6 | 3.0.7 | 3.0.8 | 3.0.9 | 3.0.10 | 3.0.11 | 3.0.12 | 3.5 | 3.5.1 | 3.5.2
References (26)
- http://www.debian.org/security/2009/dsa-1885
- http://www.redhat.com/support/errata/RHSA-2010-0153.html
- http://www.securityfocus.com/bid/36343
- http://secunia.com/advisories/39001
- http://www.novell.com/linux/security/advisories/2009_48_firefox.html
- http://www.redhat.com/support/errata/RHSA-2009-1430.html
- http://www.vupen.com/english/advisories/2010/0648
- http://www.vupen.com/english/advisories/2010/0650
- http://secunia.com/advisories/36692
- http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=501900
- http://secunia.com/advisories/36670
- http://secunia.com/advisories/36671
- http://www.mozilla.org/security/announce/2009/mfsa2009-47.html
- http://secunia.com/advisories/38977
- http://secunia.com/advisories/36669
- http://www.redhat.com/support/errata/RHSA-2010-0154.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=508074
- http://www.redhat.com/support/errata/RHSA-2009-1432.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=494283
- http://secunia.com/advisories/37098
- http://www.ubuntu.com/usn/USN-915-1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10349
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6315
- http://www.mozilla.org/security/announce/2010/mfsa2010-07.html
- http://www.redhat.com/support/errata/RHSA-2009-1431.html