CVE-2009-3072

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
mozillafirefox
𝑥
≤ 3.0.13
mozillafirefox
0.1
mozillafirefox
0.2
mozillafirefox
0.3
mozillafirefox
0.4
mozillafirefox
0.5
mozillafirefox
0.6
mozillafirefox
0.6.1
mozillafirefox
0.7
mozillafirefox
0.7.1
mozillafirefox
0.8
mozillafirefox
0.9
mozillafirefox
0.9:rc
mozillafirefox
0.9.1
mozillafirefox
0.9.2
mozillafirefox
0.9.3
mozillafirefox
0.9_rc:_rc
mozillafirefox
0.10
mozillafirefox
0.10.1
mozillafirefox
1.0
mozillafirefox
1.0:preview_release
mozillafirefox
1.0.1
mozillafirefox
1.0.2
mozillafirefox
1.0.3
mozillafirefox
1.0.4
mozillafirefox
1.0.5
mozillafirefox
1.0.6
mozillafirefox
1.0.7
mozillafirefox
1.0.8
mozillafirefox
1.4.1
mozillafirefox
1.5
mozillafirefox
1.5:beta1
mozillafirefox
1.5:beta2
mozillafirefox
1.5.0.1
mozillafirefox
1.5.0.2
mozillafirefox
1.5.0.3
mozillafirefox
1.5.0.4
mozillafirefox
1.5.0.5
mozillafirefox
1.5.0.6
mozillafirefox
1.5.0.7
mozillafirefox
1.5.0.8
mozillafirefox
1.5.0.9
mozillafirefox
1.5.0.10
mozillafirefox
1.5.0.11
mozillafirefox
1.5.0.12
mozillafirefox
1.5.1
mozillafirefox
1.5.2
mozillafirefox
1.5.3
mozillafirefox
1.5.4
mozillafirefox
1.5.5
mozillafirefox
1.5.6
mozillafirefox
1.5.7
mozillafirefox
1.5.8
mozillafirefox
1.8
mozillafirefox
2.0
mozillafirefox
2.0:beta_1
mozillafirefox
2.0:beta1
mozillafirefox
2.0:rc2
mozillafirefox
2.0:rc3
mozillafirefox
2.0.0.1
mozillafirefox
2.0.0.2
mozillafirefox
2.0.0.3
mozillafirefox
2.0.0.4
mozillafirefox
2.0.0.5
mozillafirefox
2.0.0.6
mozillafirefox
2.0.0.7
mozillafirefox
2.0.0.8
mozillafirefox
2.0.0.9
mozillafirefox
2.0.0.10
mozillafirefox
2.0.0.11
mozillafirefox
2.0.0.12
mozillafirefox
2.0.0.13
mozillafirefox
2.0.0.14
mozillafirefox
2.0.0.15
mozillafirefox
2.0.0.16
mozillafirefox
2.0.0.17
mozillafirefox
2.0.0.18
mozillafirefox
2.0.0.19
mozillafirefox
2.0.0.20
mozillafirefox
2.0.0.21
mozillafirefox
2.0_.1:_.1
mozillafirefox
2.0_.4:_.4
mozillafirefox
2.0_.5:_.5
mozillafirefox
2.0_.6:_.6
mozillafirefox
2.0_.7:_.7
mozillafirefox
2.0_.9:_.9
mozillafirefox
2.0_.10:_.10
mozillafirefox
2.0_8:_8
mozillafirefox
3.0
mozillafirefox
3.0:alpha
mozillafirefox
3.0:beta2
mozillafirefox
3.0:beta5
mozillafirefox
3.0.1
mozillafirefox
3.0.2
mozillafirefox
3.0.3
mozillafirefox
3.0.4
mozillafirefox
3.0.5
mozillafirefox
3.0.6
mozillafirefox
3.0.7
mozillafirefox
3.0.8
mozillafirefox
3.0.9
mozillafirefox
3.0.10
mozillafirefox
3.0.11
mozillafirefox
3.0.12
mozillafirefox
3.5
mozillafirefox
3.5.1
mozillafirefox
3.5.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox-3.0
jaunty
Fixed 3.0.14+build2+nobinonly-0ubuntu0.9.04.1
released
intrepid
Fixed 3.0.14+build2+nobinonly-0ubuntu0.8.10.1
released
hardy
Fixed 3.0.14+build2+nobinonly-0ubuntu0.8.04.1
released
dapper
dne
firefox-3.5
jaunty
Fixed 3.5.3+build1+nobinonly-0ubuntu0.9.04.2
released
intrepid
dne
hardy
dne
dapper
dne
thunderbird
karmic
Fixed 2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1
released
jaunty
Fixed 2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1
released
intrepid
Fixed 2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1
released
hardy
Fixed 2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1
released
dapper
dne
xulrunner-1.9
jaunty
Fixed 1.9.0.14+build2+nobinonly-0ubuntu0.9.04.1
released
intrepid
Fixed 1.9.0.14+build2+nobinonly-0ubuntu0.8.10.1
released
hardy
Fixed 1.9.0.14+build2+nobinonly-0ubuntu0.8.04.1
released
dapper
dne
xulrunner-1.9.1
jaunty
Fixed 1.9.1.3+build1+nobinonly-0ubuntu0.9.04.2
released
intrepid
dne
hardy
dne
dapper
dne
References
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://secunia.com/advisories/36669
http://secunia.com/advisories/36670
http://secunia.com/advisories/36671
http://secunia.com/advisories/36692
http://secunia.com/advisories/37098
http://secunia.com/advisories/38977
http://secunia.com/advisories/39001
http://www.debian.org/security/2009/dsa-1885
http://www.mozilla.org/security/announce/2009/mfsa2009-47.html
http://www.mozilla.org/security/announce/2010/mfsa2010-07.html
http://www.novell.com/linux/security/advisories/2009_48_firefox.html
http://www.redhat.com/support/errata/RHSA-2009-1430.html
http://www.redhat.com/support/errata/RHSA-2009-1431.html
http://www.redhat.com/support/errata/RHSA-2009-1432.html
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.redhat.com/support/errata/RHSA-2010-0154.html
http://www.securityfocus.com/bid/36343
http://www.ubuntu.com/usn/USN-915-1
http://www.vupen.com/english/advisories/2010/0648
http://www.vupen.com/english/advisories/2010/0650
https://bugzilla.mozilla.org/show_bug.cgi?id=494283
https://bugzilla.mozilla.org/show_bug.cgi?id=501900
https://bugzilla.mozilla.org/show_bug.cgi?id=508074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10349
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6315
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://secunia.com/advisories/36669
http://secunia.com/advisories/36670
http://secunia.com/advisories/36671
http://secunia.com/advisories/36692
http://secunia.com/advisories/37098
http://secunia.com/advisories/38977
http://secunia.com/advisories/39001
http://www.debian.org/security/2009/dsa-1885
http://www.mozilla.org/security/announce/2009/mfsa2009-47.html
http://www.mozilla.org/security/announce/2010/mfsa2010-07.html
http://www.novell.com/linux/security/advisories/2009_48_firefox.html
http://www.redhat.com/support/errata/RHSA-2009-1430.html
http://www.redhat.com/support/errata/RHSA-2009-1431.html
http://www.redhat.com/support/errata/RHSA-2009-1432.html
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.redhat.com/support/errata/RHSA-2010-0154.html
http://www.securityfocus.com/bid/36343
http://www.ubuntu.com/usn/USN-915-1
http://www.vupen.com/english/advisories/2010/0648
http://www.vupen.com/english/advisories/2010/0650
https://bugzilla.mozilla.org/show_bug.cgi?id=494283
https://bugzilla.mozilla.org/show_bug.cgi?id=501900
https://bugzilla.mozilla.org/show_bug.cgi?id=508074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10349
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6315