CVE-2009-0771

The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
mozillafirefox
𝑥
≤ 3.0.6
mozillafirefox
1.0
mozillafirefox
1.0.1
mozillafirefox
1.0.2
mozillafirefox
1.0.3
mozillafirefox
1.0.4
mozillafirefox
1.0.5
mozillafirefox
1.0.6
mozillafirefox
1.0.7
mozillafirefox
1.0.8
mozillafirefox
1.5
mozillafirefox
1.5.0.1
mozillafirefox
1.5.0.2
mozillafirefox
1.5.0.3
mozillafirefox
1.5.0.4
mozillafirefox
1.5.0.5
mozillafirefox
1.5.0.6
mozillafirefox
1.5.0.7
mozillafirefox
1.5.0.8
mozillafirefox
1.5.0.9
mozillafirefox
1.5.0.10
mozillafirefox
1.5.0.11
mozillafirefox
1.5.0.12
mozillafirefox
2.0
mozillafirefox
2.0.0.1
mozillafirefox
2.0.0.2
mozillafirefox
2.0.0.3
mozillafirefox
2.0.0.4
mozillafirefox
2.0.0.5
mozillafirefox
2.0.0.6
mozillafirefox
2.0.0.7
mozillafirefox
2.0.0.8
mozillafirefox
2.0.0.9
mozillafirefox
2.0.0.10
mozillafirefox
2.0.0.11
mozillafirefox
2.0.0.12
mozillafirefox
2.0.0.13
mozillafirefox
2.0.0.14
mozillafirefox
2.0.0.15
mozillafirefox
2.0.0.16
mozillafirefox
2.0.0.17
mozillafirefox
2.0.0.18
mozillafirefox
2.0.0.19
mozillafirefox
2.0.0.20
mozillafirefox
3.0
mozillafirefox
3.0.1
mozillafirefox
3.0.2
mozillafirefox
3.0.3
mozillafirefox
3.0.4
mozillafirefox
3.0.5
mozillaseamonkey
𝑥
≤ 1.1.14
mozillaseamonkey
1.0
mozillaseamonkey
1.0.1
mozillaseamonkey
1.0.2
mozillaseamonkey
1.0.3
mozillaseamonkey
1.0.5
mozillaseamonkey
1.0.6
mozillaseamonkey
1.0.7
mozillaseamonkey
1.0.8
mozillaseamonkey
1.0.9
mozillaseamonkey
1.1
mozillaseamonkey
1.1:alpha
mozillaseamonkey
1.1:beta
mozillaseamonkey
1.1.1
mozillaseamonkey
1.1.2
mozillaseamonkey
1.1.3
mozillaseamonkey
1.1.4
mozillaseamonkey
1.1.5
mozillaseamonkey
1.1.6
mozillaseamonkey
1.1.7
mozillaseamonkey
1.1.8
mozillaseamonkey
1.1.9
mozillaseamonkey
1.1.10
mozillaseamonkey
1.1.11
mozillaseamonkey
1.1.12
mozillaseamonkey
1.1.13
mozillathunderbird
𝑥
≤ 2.0.0.20
mozillathunderbird
2.0.0.0
mozillathunderbird
2.0.0.4
mozillathunderbird
2.0.0.5
mozillathunderbird
2.0.0.6
mozillathunderbird
2.0.0.9
mozillathunderbird
2.0.0.12
mozillathunderbird
2.0.0.14
mozillathunderbird
2.0.0.16
mozillathunderbird
2.0.0.17
mozillathunderbird
2.0.0.18
mozillathunderbird
2.0.0.19
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
jaunty
dne
intrepid
dne
hardy
not-affected
gutsy
not-affected
dapper
not-affected
firefox-3.0
jaunty
Fixed 3.0.7+nobinonly-0ubuntu1
released
intrepid
Fixed 3.0.7+nobinonly-0ubuntu0.8.10.1
released
hardy
Fixed 3.0.7+nobinonly-0ubuntu0.8.04.1
released
gutsy
ignored
dapper
dne
firefox-3.5
jaunty
Fixed 3.5+nobinonly-0ubuntu0.9.04.1
released
intrepid
dne
hardy
dne
gutsy
dne
dapper
dne
iceape
jaunty
dne
intrepid
dne
hardy
dne
gutsy
not-affected
dapper
dne
icedove
jaunty
dne
intrepid
dne
hardy
dne
gutsy
dne
dapper
dne
iceweasel
jaunty
dne
intrepid
dne
hardy
dne
gutsy
dne
dapper
dne
mozilla-thunderbird
jaunty
dne
intrepid
dne
hardy
dne
gutsy
dne
dapper
not-affected
seamonkey
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
gutsy
dne
dapper
dne
thunderbird
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
gutsy
not-affected
dapper
dne
xulrunner
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
gutsy
not-affected
dapper
dne
xulrunner-1.9
jaunty
Fixed 1.9.0.7+nobinonly-0ubuntu1
released
intrepid
Fixed 1.9.0.7+nobinonly-0ubuntu0.8.10.1
released
hardy
Fixed 1.9.0.7+nobinonly-0ubuntu0.8.04.1
released
gutsy
ignored
dapper
dne
xulrunner-1.9.1
jaunty
Fixed 1.9.1+nobinonly-0ubuntu0.9.04.1
released
intrepid
dne
hardy
dne
gutsy
dne
dapper
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html
http://secunia.com/advisories/34140
http://secunia.com/advisories/34145
http://secunia.com/advisories/34272
http://secunia.com/advisories/34383
http://secunia.com/advisories/34462
http://secunia.com/advisories/34464
http://secunia.com/advisories/34527
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952
http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm
http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document
http://www.debian.org/security/2009/dsa-1751
http://www.debian.org/security/2009/dsa-1830
http://www.mandriva.com/security/advisories?name=MDVSA-2009:075
http://www.mandriva.com/security/advisories?name=MDVSA-2009:083
http://www.mozilla.org/security/announce/2009/mfsa2009-07.html
http://www.redhat.com/support/errata/RHSA-2009-0315.html
http://www.securityfocus.com/bid/33990
http://www.securitytracker.com/id?1021795
http://www.vupen.com/english/advisories/2009/0632
https://bugzilla.mozilla.org/buglist.cgi?bug_id=424276%2C435209%2C436965%2C460706%2C466057%2C468578%2C471594%2C472502
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11314
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5250
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6163
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6196
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6755
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html
http://secunia.com/advisories/34140
http://secunia.com/advisories/34145
http://secunia.com/advisories/34272
http://secunia.com/advisories/34383
http://secunia.com/advisories/34462
http://secunia.com/advisories/34464
http://secunia.com/advisories/34527
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952
http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm
http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document
http://www.debian.org/security/2009/dsa-1751
http://www.debian.org/security/2009/dsa-1830
http://www.mandriva.com/security/advisories?name=MDVSA-2009:075
http://www.mandriva.com/security/advisories?name=MDVSA-2009:083
http://www.mozilla.org/security/announce/2009/mfsa2009-07.html
http://www.redhat.com/support/errata/RHSA-2009-0315.html
http://www.securityfocus.com/bid/33990
http://www.securitytracker.com/id?1021795
http://www.vupen.com/english/advisories/2009/0632
https://bugzilla.mozilla.org/buglist.cgi?bug_id=424276%2C435209%2C436965%2C460706%2C466057%2C468578%2C471594%2C472502
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11314
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5250
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6163
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6196
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6755
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html