PT-2009-6687 · Mozilla+2 · Firefox+5
Dan Kaminsky
·
Published
1970-01-01
·
Updated
2024-06-15
·
CVE-2009-3379
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
libvorbisfile3 (affected versions not specified)
libvorbis0a (affected versions not specified)
libvorbis-dev (affected versions not specified)
libvorbisenc2 (affected versions not specified)
Mozilla Firefox versions prior to 3.5.4
Description
The issue involves multiple unspecified vulnerabilities in the libvorbis package, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, potentially causing a denial of service or allowing the execution of arbitrary code. The estimated number of potentially affected devices worldwide is not available.
Recommendations
For libvorbisfile3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For libvorbis0a, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For libvorbis-dev, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For libvorbisenc2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Mozilla Firefox, update to version 3.5.4 or later to resolve the issue.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Firefox
Red Hat
Libvorbis-Dev
Libvorbis0A
Libvorbisenc2
Libvorbisfile3