CVE-2009-3077

Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
mozillafirefox
𝑥
≤ 3.0.13
mozillafirefox
0.1
mozillafirefox
0.2
mozillafirefox
0.3
mozillafirefox
0.4
mozillafirefox
0.5
mozillafirefox
0.6
mozillafirefox
0.6.1
mozillafirefox
0.7
mozillafirefox
0.7.1
mozillafirefox
0.8
mozillafirefox
0.9
mozillafirefox
0.9:rc
mozillafirefox
0.9.1
mozillafirefox
0.9.2
mozillafirefox
0.9.3
mozillafirefox
0.9_rc:_rc
mozillafirefox
0.10
mozillafirefox
0.10.1
mozillafirefox
1.0
mozillafirefox
1.0:preview_release
mozillafirefox
1.0.1
mozillafirefox
1.0.2
mozillafirefox
1.0.3
mozillafirefox
1.0.4
mozillafirefox
1.0.5
mozillafirefox
1.0.6
mozillafirefox
1.0.7
mozillafirefox
1.0.8
mozillafirefox
1.4.1
mozillafirefox
1.5
mozillafirefox
1.5:beta1
mozillafirefox
1.5:beta2
mozillafirefox
1.5.0.1
mozillafirefox
1.5.0.2
mozillafirefox
1.5.0.3
mozillafirefox
1.5.0.4
mozillafirefox
1.5.0.5
mozillafirefox
1.5.0.6
mozillafirefox
1.5.0.7
mozillafirefox
1.5.0.8
mozillafirefox
1.5.0.9
mozillafirefox
1.5.0.10
mozillafirefox
1.5.0.11
mozillafirefox
1.5.0.12
mozillafirefox
1.5.1
mozillafirefox
1.5.2
mozillafirefox
1.5.3
mozillafirefox
1.5.4
mozillafirefox
1.5.5
mozillafirefox
1.5.6
mozillafirefox
1.5.7
mozillafirefox
1.5.8
mozillafirefox
1.8
mozillafirefox
2.0
mozillafirefox
2.0:beta_1
mozillafirefox
2.0:beta1
mozillafirefox
2.0:rc2
mozillafirefox
2.0:rc3
mozillafirefox
2.0.0.1
mozillafirefox
2.0.0.2
mozillafirefox
2.0.0.3
mozillafirefox
2.0.0.4
mozillafirefox
2.0.0.5
mozillafirefox
2.0.0.6
mozillafirefox
2.0.0.7
mozillafirefox
2.0.0.8
mozillafirefox
2.0.0.9
mozillafirefox
2.0.0.10
mozillafirefox
2.0.0.11
mozillafirefox
2.0.0.12
mozillafirefox
2.0.0.13
mozillafirefox
2.0.0.14
mozillafirefox
2.0.0.15
mozillafirefox
2.0.0.16
mozillafirefox
2.0.0.17
mozillafirefox
2.0.0.18
mozillafirefox
2.0.0.19
mozillafirefox
2.0.0.20
mozillafirefox
2.0.0.21
mozillafirefox
2.0_.1:_.1
mozillafirefox
2.0_.4:_.4
mozillafirefox
2.0_.5:_.5
mozillafirefox
2.0_.6:_.6
mozillafirefox
2.0_.7:_.7
mozillafirefox
2.0_.9:_.9
mozillafirefox
2.0_.10:_.10
mozillafirefox
2.0_8:_8
mozillafirefox
3.0
mozillafirefox
3.0:alpha
mozillafirefox
3.0:beta2
mozillafirefox
3.0:beta5
mozillafirefox
3.0.1
mozillafirefox
3.0.2
mozillafirefox
3.0.3
mozillafirefox
3.0.4
mozillafirefox
3.0.5
mozillafirefox
3.0.6
mozillafirefox
3.0.7
mozillafirefox
3.0.8
mozillafirefox
3.0.9
mozillafirefox
3.0.10
mozillafirefox
3.0.11
mozillafirefox
3.0.12
mozillafirefox
3.5
mozillafirefox
3.5.1
mozillafirefox
3.5.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox-3.0
jaunty
Fixed 3.0.14+build2+nobinonly-0ubuntu0.9.04.1
released
intrepid
Fixed 3.0.14+build2+nobinonly-0ubuntu0.8.10.1
released
hardy
Fixed 3.0.14+build2+nobinonly-0ubuntu0.8.04.1
released
dapper
dne
firefox-3.5
jaunty
Fixed 3.5.3+build1+nobinonly-0ubuntu0.9.04.2
released
intrepid
dne
hardy
dne
dapper
dne
thunderbird
karmic
Fixed 2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1
released
jaunty
Fixed 2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1
released
intrepid
Fixed 2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1
released
hardy
Fixed 2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1
released
dapper
dne
xulrunner-1.9
jaunty
Fixed 1.9.0.14+build2+nobinonly-0ubuntu0.9.04.1
released
intrepid
Fixed 1.9.0.14+build2+nobinonly-0ubuntu0.8.10.1
released
hardy
Fixed 1.9.0.14+build2+nobinonly-0ubuntu0.8.04.1
released
dapper
dne
xulrunner-1.9.1
jaunty
Fixed 1.9.1.3+build1+nobinonly-0ubuntu0.9.04.2
released
intrepid
dne
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://secunia.com/advisories/36669
http://secunia.com/advisories/36670
http://secunia.com/advisories/36671
http://secunia.com/advisories/36692
http://secunia.com/advisories/37098
http://secunia.com/advisories/38977
http://secunia.com/advisories/39001
http://www.debian.org/security/2009/dsa-1885
http://www.mozilla.org/security/announce/2009/mfsa2009-49.html
http://www.novell.com/linux/security/advisories/2009_48_firefox.html
http://www.redhat.com/support/errata/RHSA-2009-1430.html
http://www.redhat.com/support/errata/RHSA-2009-1431.html
http://www.redhat.com/support/errata/RHSA-2009-1432.html
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.redhat.com/support/errata/RHSA-2010-0154.html
http://www.securityfocus.com/bid/36343
http://www.ubuntu.com/usn/USN-915-1
http://www.vupen.com/english/advisories/2010/0650
https://bugzilla.mozilla.org/show_bug.cgi?id=506871
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10730
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5606
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://secunia.com/advisories/36669
http://secunia.com/advisories/36670
http://secunia.com/advisories/36671
http://secunia.com/advisories/36692
http://secunia.com/advisories/37098
http://secunia.com/advisories/38977
http://secunia.com/advisories/39001
http://www.debian.org/security/2009/dsa-1885
http://www.mozilla.org/security/announce/2009/mfsa2009-49.html
http://www.novell.com/linux/security/advisories/2009_48_firefox.html
http://www.redhat.com/support/errata/RHSA-2009-1430.html
http://www.redhat.com/support/errata/RHSA-2009-1431.html
http://www.redhat.com/support/errata/RHSA-2009-1432.html
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.redhat.com/support/errata/RHSA-2010-0154.html
http://www.securityfocus.com/bid/36343
http://www.ubuntu.com/usn/USN-915-1
http://www.vupen.com/english/advisories/2010/0650
https://bugzilla.mozilla.org/show_bug.cgi?id=506871
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10730
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5606