CVE-2009-2463 — Out-of-bounds Write in Mozilla Firefox

CWE-1898 documents7 sources

Severity

10.0CRITICALNVD

EPSS

5.2%

top 10.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Nspr Mozilla Firefox Mozilla Thunderbird

Timeline

PublishedJul 22

Latest updateMay 2

Description

Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox90 versions+89

▶NVDmozilla/thunderbird21 versions+20

▶debiandebian/nspr< nspr 4.8.2-1 (bookworm)

Patches

Patch: www.securityfocus.com ↗Patch: www.vupen.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-483p-23q4-52hc: Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64↗2022-05-02

▶

OSV

CVE-2009-2463: Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64↗2009-07-22

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2010-03-18

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2009-07-22

▶

Red Hat

Mozilla Base64 decoding crash↗2009-07-21

▶

Debian

CVE-2009-2463: nspr - Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode fu...↗2009

▶

💬Community

Bugzilla

CVE-2009-2463 Mozilla Base64 decoding crash↗2009-07-16

▶