CVE-2009-3379 — Mozilla Firefox vulnerability

8 documents8 sources

Severity

10.0CRITICALNVD

CNA9.3OSV9.3

EPSS

4.9%

top 10.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xiph.org Libvorbis Mozilla Firefox

Timeline

PublishedOct 29

Latest updateMay 2

Description

Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDmozilla/firefox3.5.1, 3.5.2, 3.5.3+2

▶Debianxiph.org/libvorbis< 1.2.3-1+3

Patches

Patch: www.mozilla.org ↗Patch: bugzilla.mozilla.org ↗Patch: www.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-f7fv-7rmr-mpcf: Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3↗2022-05-02

▶

OSV

CVE-2009-3379: Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3↗2009-10-29

▶

CVEList

CVE-2009-3379: Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3↗2009-10-29

▶

📋Vendor Advisories

Ubuntu

libvorbis vulnerabilities↗2009-11-24

▶

Red Hat

libvorbis: security fixes mentioned in MFSA 2009-63↗2009-10-27

▶

Debian

CVE-2009-3379: libvorbis - Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3....↗2009

▶

💬Community

Bugzilla

CVE-2009-3379 libvorbis: security fixes mentioned in MFSA 2009-63↗2009-10-29

▶