CVE-2009-1392 — Code Injection in Mozilla Seamonkey

CWE-94 — Code Injection7 documents6 sources

Severity

9.3CRITICALNVD

EPSS

15.7%

top 5.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox

Timeline

PublishedJun 12

Latest updateMay 2

Description

The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFr…

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/seamonkey1.1.16+21

▶NVDmozilla/thunderbird2.0.0.19+66

▶NVDmozilla/firefox11 versions+10

Patches

Patch: rhn.redhat.com ↗Patch: securitytracker.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-w6c9-g8ph-r488: The browser engine in Mozilla Firefox 3 before 3↗2022-05-02

▶

CVEList

CVE-2009-1392: The browser engine in Mozilla Firefox 3 before 3↗2009-06-12

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2009-06-25

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2009-06-12

▶

Red Hat

Firefox browser engine crashes↗2009-06-11

▶

💬Community

Bugzilla

CVE-2009-1392 Firefox browser engine crashes↗2009-06-01

▶