CVE-2009-3379

Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.  NOTE: this might overlap CVE-2009-2663.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
3.5.1
mozillafirefox
3.5.2
mozillafirefox
3.5.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libvorbis
bookworm
1.3.7-1
fixed
bullseye
1.3.7-1
fixed
etch
not-affected
lenny
not-affected
sid
1.3.7-2
fixed
squeeze
no-dsa
trixie
1.3.7-2
fixed
libvorbisidec
bookworm
1.2.1+git20180316-7
fixed
bullseye
1.2.1+git20180316-7
fixed
etch
not-affected
lenny
not-affected
sid
1.2.1+git20180316-8
fixed
squeeze
no-dsa
trixie
1.2.1+git20180316-8
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
dapper
ignored
hardy
not-affected
intrepid
dne
jaunty
dne
karmic
dne
xulrunner-1.9.1
dapper
dne
hardy
dne
intrepid
dne
jaunty
Fixed 1.9.1.9+nobinonly-0ubuntu0.9.04.1
released
karmic
Fixed 1.9.1.9+nobinonly-0ubuntu0.9.10.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
MozillaFirefox
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise sap 12 SP5
68.1.0-109.92.1
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise server 12 SP5
68.1.0-109.92.1
fixed
suse enterprise server 15
52.7.3-1.35
fixed
MozillaFirefox-devel
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise server 15
52.7.3-1.35
fixed
MozillaFirefox-translations-common
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise sap 12 SP5
68.1.0-109.92.1
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise server 12 SP5
68.1.0-109.92.1
fixed
suse enterprise server 15
52.7.3-1.35
fixed
MozillaFirefox-translations-other
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise server 15
52.7.3-1.35
fixed
libvorbis-devel
suse enterprise desktop 15
1.3.6-2.16
fixed
suse enterprise desktop 15 SP1
1.3.6-4.3.1
fixed
suse enterprise desktop 15 SP2
1.3.6-4.3.1
fixed
suse enterprise desktop 15 SP3
1.3.6-4.3.1
fixed
suse enterprise desktop 15 SP4
1.3.6-4.3.1
fixed
suse enterprise sap 15
1.3.6-2.16
fixed
suse enterprise sap 15 SP1
1.3.6-4.3.1
fixed
suse enterprise sap 15 SP2
1.3.6-4.3.1
fixed
suse enterprise sap 15 SP3
1.3.6-4.3.1
fixed
suse enterprise sap 15 SP4
1.3.6-4.3.1
fixed
suse enterprise server 15
1.3.6-2.16
fixed
suse enterprise server 15 SP1
1.3.6-4.3.1
fixed
suse enterprise server 15 SP2
1.3.6-4.3.1
fixed
suse enterprise server 15 SP3
1.3.6-4.3.1
fixed
suse enterprise server 15 SP4
1.3.6-4.3.1
fixed
libvorbis-doc
suse enterprise sap 12 SP5
1.3.3-10.14.1
fixed
suse enterprise server 12 SP5
1.3.3-10.14.1
fixed
libvorbis0
suse enterprise desktop 15
1.3.6-2.16
fixed
suse enterprise desktop 15 SP1
1.3.6-4.3.1
fixed
suse enterprise desktop 15 SP2
1.3.6-4.3.1
fixed
suse enterprise desktop 15 SP3
1.3.6-4.3.1
fixed
suse enterprise desktop 15 SP4
1.3.6-4.3.1
fixed
suse enterprise sap 12 SP5
1.3.3-10.14.1
fixed
suse enterprise sap 15
1.3.6-2.16
fixed
suse enterprise sap 15 SP1
1.3.6-4.3.1
fixed
suse enterprise sap 15 SP2
1.3.6-4.3.1
fixed
suse enterprise sap 15 SP3
1.3.6-4.3.1
fixed
suse enterprise sap 15 SP4
1.3.6-4.3.1
fixed
suse enterprise server 12 SP5
1.3.3-10.14.1
fixed
suse enterprise server 15
1.3.6-2.16
fixed
suse enterprise server 15 SP1
1.3.6-4.3.1
fixed
suse enterprise server 15 SP2
1.3.6-4.3.1
fixed
suse enterprise server 15 SP3
1.3.6-4.3.1
fixed
suse enterprise server 15 SP4
1.3.6-4.3.1
fixed
libvorbis0-32bit
suse enterprise sap 12 SP5
1.3.3-10.14.1
fixed
suse enterprise server 12 SP5
1.3.3-10.14.1
fixed
libvorbisenc2
suse enterprise desktop 15
1.3.6-2.16
fixed
suse enterprise desktop 15 SP1
1.3.6-4.3.1
fixed
suse enterprise desktop 15 SP2
1.3.6-4.3.1
fixed
suse enterprise desktop 15 SP3
1.3.6-4.3.1
fixed
suse enterprise desktop 15 SP4
1.3.6-4.3.1
fixed
suse enterprise sap 12 SP5
1.3.3-10.14.1
fixed
suse enterprise sap 15
1.3.6-2.16
fixed
suse enterprise sap 15 SP1
1.3.6-4.3.1
fixed
suse enterprise sap 15 SP2
1.3.6-4.3.1
fixed
suse enterprise sap 15 SP3
1.3.6-4.3.1
fixed
suse enterprise sap 15 SP4
1.3.6-4.3.1
fixed
suse enterprise server 12 SP5
1.3.3-10.14.1
fixed
suse enterprise server 15
1.3.6-2.16
fixed
suse enterprise server 15 SP1
1.3.6-4.3.1
fixed
suse enterprise server 15 SP2
1.3.6-4.3.1
fixed
suse enterprise server 15 SP3
1.3.6-4.3.1
fixed
suse enterprise server 15 SP4
1.3.6-4.3.1
fixed
libvorbisenc2-32bit
suse enterprise sap 12 SP5
1.3.3-10.14.1
fixed
suse enterprise server 12 SP5
1.3.3-10.14.1
fixed
libvorbisfile3
suse enterprise desktop 15
1.3.6-2.16
fixed
suse enterprise desktop 15 SP1
1.3.6-4.3.1
fixed
suse enterprise desktop 15 SP2
1.3.6-4.3.1
fixed
suse enterprise desktop 15 SP3
1.3.6-4.3.1
fixed
suse enterprise desktop 15 SP4
1.3.6-4.3.1
fixed
suse enterprise sap 12 SP5
1.3.3-10.14.1
fixed
suse enterprise sap 15
1.3.6-2.16
fixed
suse enterprise sap 15 SP1
1.3.6-4.3.1
fixed
suse enterprise sap 15 SP2
1.3.6-4.3.1
fixed
suse enterprise sap 15 SP3
1.3.6-4.3.1
fixed
suse enterprise sap 15 SP4
1.3.6-4.3.1
fixed
suse enterprise server 12 SP5
1.3.3-10.14.1
fixed
suse enterprise server 15
1.3.6-2.16
fixed
suse enterprise server 15 SP1
1.3.6-4.3.1
fixed
suse enterprise server 15 SP2
1.3.6-4.3.1
fixed
suse enterprise server 15 SP3
1.3.6-4.3.1
fixed
suse enterprise server 15 SP4
1.3.6-4.3.1
fixed
libvorbisfile3-32bit
suse enterprise sap 12 SP5
1.3.3-10.14.1
fixed
suse enterprise server 12 SP5
1.3.3-10.14.1
fixed
References
http://secunia.com/advisories/37306
http://secunia.com/advisories/37340
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
http://www.mozilla.org/security/announce/2009/mfsa2009-63.html
http://www.redhat.com/support/errata/RHSA-2009-1561.html
http://www.ubuntu.com/usn/USN-861-1
http://www.vupen.com/english/advisories/2009/3334
https://bugzilla.mozilla.org/show_bug.cgi?id=499512
https://bugzilla.mozilla.org/show_bug.cgi?id=500254
https://bugzilla.mozilla.org/show_bug.cgi?id=501279
https://bugzilla.mozilla.org/show_bug.cgi?id=507167
https://bugzilla.mozilla.org/show_bug.cgi?id=515889
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10993
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6582
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00315.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00369.html
http://secunia.com/advisories/37306
http://secunia.com/advisories/37340
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
http://www.mozilla.org/security/announce/2009/mfsa2009-63.html
http://www.redhat.com/support/errata/RHSA-2009-1561.html
http://www.ubuntu.com/usn/USN-861-1
http://www.vupen.com/english/advisories/2009/3334
https://bugzilla.mozilla.org/show_bug.cgi?id=499512
https://bugzilla.mozilla.org/show_bug.cgi?id=500254
https://bugzilla.mozilla.org/show_bug.cgi?id=501279
https://bugzilla.mozilla.org/show_bug.cgi?id=507167
https://bugzilla.mozilla.org/show_bug.cgi?id=515889
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10993
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6582
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00315.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00369.html