Published: 22/02/2010 Updated: 10/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x prior to 3.0.18 and 3.5.x prior to 3.5.8, Thunderbird prior to 3.0.2, and SeaMonkey prior to 2.0.3 allows remote malicious users to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 3.0
mozilla firefox 3.0.15
mozilla firefox 3.0.17
mozilla firefox 3.0.9
mozilla firefox 3.5.4
mozilla firefox 3.5.5
mozilla seamonkey 1.0.4
mozilla seamonkey 1.0.5
mozilla seamonkey 1.1.1
mozilla seamonkey 1.1.10
mozilla seamonkey 1.1.17
mozilla seamonkey 1.1.2
mozilla seamonkey 1.1.9
mozilla seamonkey 2.0
mozilla seamonkey 2.0.2
mozilla firefox 3.0.1
mozilla firefox 3.0.10
mozilla firefox 3.0.2
mozilla firefox 3.0.3
mozilla firefox 3.5.6
mozilla firefox 3.5.7
mozilla seamonkey 1.0.6
mozilla seamonkey 1.0.7
mozilla seamonkey 1.0.8
mozilla seamonkey 1.1.11
mozilla seamonkey 1.1.12
mozilla seamonkey 1.1.3
mozilla firefox 3.0.13
mozilla firefox 3.0.14
mozilla firefox 3.0.7
mozilla firefox 3.0.8
mozilla firefox 3.5.2
mozilla firefox 3.5.3
mozilla seamonkey 1.0.2
mozilla seamonkey 1.0.3
mozilla seamonkey 1.0
mozilla seamonkey 1.1
mozilla seamonkey 1.1.15
mozilla seamonkey 1.1.16
mozilla seamonkey 1.1.7
mozilla seamonkey 1.1.8
mozilla seamonkey 2.0.1
mozilla seamonkey 1.1.4
mozilla firefox 3.0.11
mozilla firefox 3.0.12
mozilla firefox 3.0.4
mozilla firefox 3.0.5
mozilla firefox 3.0.6
mozilla firefox 3.5
mozilla firefox 3.5.1
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.9
mozilla seamonkey 1.1.13
mozilla seamonkey 1.1.14
mozilla seamonkey 1.1.5
mozilla seamonkey 1.1.6

Several flaws were discovered in the browser engine of Firefox If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2010-0159) ...

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1571 Alin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execut ...

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic Updated firefox packages that fix several security issues are now availablefor Red Hat Enterprise Linux 4 and 5This update has been rated as having critical security impact by the RedHat Security Response Team ...

Synopsis Moderate: thunderbird security update Type/Severity Security Advisory: Moderate Topic An updated thunderbird package that fixes several security issues is nowavailable for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common V ...

Synopsis Moderate: thunderbird security update Type/Severity Security Advisory: Moderate Topic An updated thunderbird package that fixes several security issues is nowavailable for Red Hat Enterprise Linux 4The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common V ...

Synopsis Critical: seamonkey security update Type/Severity Security Advisory: Critical Topic Updated seamonkey packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 3 and 4This update has been rated as having critical security impact by the RedHat Security Response Team ...

Mozilla Foundation Security Advisory 2010-03 Use-after-free crash in HTML parser Announced February 17, 2010 Reporter Alin Rad Pop Impact Critical Products Firefox, SeaMonkey, Thunderbird Fixed in ...

CWE-94 https://bugzilla.mozilla.org/show_bug.cgi?id=526500 http://secunia.com/advisories/37242 http://secunia.com/secunia_research/2009-45/http://www.mozilla.org/security/announce/2010/mfsa2010-03.html http://www.vupen.com/english/advisories/2010/0405 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html http://www.redhat.com/support/errata/RHSA-2010-0112.html http://www.ubuntu.com/usn/USN-895-1 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html http://www.ubuntu.com/usn/USN-896-1 http://www.debian.org/security/2010/dsa-1999 http://www.redhat.com/support/errata/RHSA-2010-0113.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:042 http://secunia.com/advisories/38770 http://www.redhat.com/support/errata/RHSA-2010-0154.html http://www.redhat.com/support/errata/RHSA-2010-0153.html http://www.vupen.com/english/advisories/2010/0650 http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:051 http://secunia.com/advisories/38772 http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html http://secunia.com/advisories/38847 http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html https://exchange.xforce.ibmcloud.com/vulnerabilities/56361 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8615 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11227 http://www.securityfocus.com/archive/1/509585/100/0/threaded https://nvd.nist.gov https://usn.ubuntu.com/895-1/

Get Started

CVE-2009-1571

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect