CVE-2009-1313
Published 2009-04-30
Priority P349 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 8.39% (94.3th percentile)
The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | — | — |
CVSS provenance
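| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 5.0 | MEDIUM | — |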
Ubuntu
Firefox and Xulrunner vulnerabilities
vendor_ubuntu·2009-04-28
It was discovered that the upstream security fixes in USN-764-1 introduced
a regression which could cause the browser to crash. If a user were tricked
into viewing a malicious website, a remote attacker could cause a denial of
service or possibly execute arbitrary code with the privileges of the user
invoking the program.
Instructions: After a standard system upgrade you need to restart Firefox and any
applications that use xulrunner, such as Epiphany, to effect the necessary
changes.
Red Hat
nsTextFrame::ClearTextRun()
vendor_redhat·2009-04-27·CVSS 5.0
The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.
GHSA
GHSA-ph69-fr9j-4gj2: The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes
ghsa_unreviewed·2022-05-02·CVSS 5.0
The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.
No detection rules found.
References
http://secunia.com/advisories/34851
http://secunia.com/advisories/34866
http://secunia.com/advisories/34910
http://secunia.com/advisories/34919
http://securitytracker.com/id?1022126
http://securitytracker.com/id?1022127
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.350967
http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
http://www.mozilla.org/security/announce/2009/mfsa2009-23.html
http://www.securityfocus.com/bid/34743
http://www.ubuntu.com/usn/USN-765-1
http://www.vupen.com/english/advisories/2009/1180
https://bugzilla.mozilla.org/show_bug.cgi?id=489647
https://bugzilla.mozilla.org/show_bug.cgi?id=489676
https://bugzilla.mozilla.org/show_bug.cgi?id=490233
https://bugzilla.redhat.com/show_bug.cgi?id=497447
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10446
https://rhn.redhat.com/errata/RHSA-2009-0449.html