PT-2009-3383 · Mozilla+2 · Thunderbird+4

Jesse Ruderman

Published

2009-03-05

Updated

2024-12-12

CVE-2009-0772

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 2 through 3.0.6 Thunderbird versions prior to 2.0.0.21 SeaMonkey version 1.1.15

Description The issue is related to the layout engine and can be triggered by vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, leading to memory corruption. This can cause a denial of service (crash) and possibly allow the execution of arbitrary code.

Recommendations For Mozilla Firefox versions 2 through 3.0.6, update to version 3.0.7 or later. For Thunderbird versions prior to 2.0.0.21, update to version 2.0.0.21 or later. For SeaMonkey version 1.1.15, update to a version later than 1.1.15.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2009-0772

DSA-1751-1

DSA-1830-1

OPENSUSE-SU-2014_1100-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:10230-1

OPENSUSE-SU-2024:14572-1

RHSA-2009:0258

RHSA-2009:0315

RHSA-2009:0325

RHSA-2009_0258

RHSA-2009_0315

RHSA-2009_0325

Affected Products

Firefox

Red Hat

Seamonkey

Suse

Thunderbird

PT-2009-3383 · Mozilla+2 · Thunderbird+4

CVE-2009-0772

Weakness Enumeration

Related Identifiers

Affected Products

References · 3129