CVE-2009-3389Mozilla Seamonkey vulnerability

CWE-1899 documents8 sources
Severity
9.3CRITICALNVD
EPSS
5.5%
top 9.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla SeamonkeyMozilla Firefox
Timeline
PublishedDec 17
Latest updateMay 2

Description

Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmozilla/seamonkey2.0+35
NVDmozilla/firefox5 versions+4

Patches

Patch: www.mozilla.orgPatch: www.vupen.comPatch: www.mozilla.org

🔴Vulnerability Details

3
GHSA
GHSA-vvqg-rc4c-3qfj: Integer overflow in libtheora in Xiph2022-05-02
CVEList
CVE-2009-3389: Integer overflow in libtheora in Xiph2009-12-17
OSV
CVE-2009-3389: Integer overflow in libtheora in Xiph2009-12-17

📋Vendor Advisories

4
Ubuntu
Firefox 3.5 and Xulrunner 1.9.1 regression2010-01-08
Ubuntu
Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities2009-12-18
Red Hat
libtheora: DoS or arbitrary code execution via a video with large dimensions2009-12-15
Debian
CVE-2009-3389: libtheora - Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla ...2009

💬Community

1
Bugzilla
CVE-2009-3389 libtheora: DoS or arbitrary code execution via a video with large dimensions2009-12-17
CVE-2009-3389 — Mozilla Seamonkey vulnerability | cvebase