CVE-2009-1571

CVSS V2 High 10 CVSS V3 None
Description
Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.
Overview
  • CVE ID
  • CVE-2009-1571
  • Assigner
  • PSIRT-CNA@flexerasoftware.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2010-02-22T13:00:01
  • Last Modified Date
  • 2018-10-10T19:37:22
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 10
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 10
References
Reference URL Reference Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=526500
http://secunia.com/advisories/37242 Vendor Advisory
http://secunia.com/secunia_research/2009-45/ Vendor Advisory
http://www.mozilla.org/security/announce/2010/mfsa2010-03.html Vendor Advisory
http://www.vupen.com/english/advisories/2010/0405 Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html
http://www.redhat.com/support/errata/RHSA-2010-0112.html
http://www.ubuntu.com/usn/USN-895-1
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html
http://www.ubuntu.com/usn/USN-896-1
http://www.debian.org/security/2010/dsa-1999
http://www.redhat.com/support/errata/RHSA-2010-0113.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:042
http://secunia.com/advisories/38770
http://www.redhat.com/support/errata/RHSA-2010-0154.html
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.vupen.com/english/advisories/2010/0650
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:051
http://secunia.com/advisories/38772
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html
http://secunia.com/advisories/38847
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/56361
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8615
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11227
http://www.securityfocus.com/archive/1/509585/100/0/threaded
History
Created Old Value New Value Data Type Notes
2022-05-10 18:32:50 Added to TrackCVE