Published: 04/08/2009 Updated: 19/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox prior to 3.0.12 allows remote malicious users to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." NOTE: this was originally reported as affecting versions prior to 3.0.13.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 3.0.1
mozilla firefox 2.0.0.19
mozilla firefox 0.9.3
mozilla firefox 0.9.2
mozilla firefox 1.0.2
mozilla firefox 3.0
mozilla firefox 1.0.5
mozilla firefox 2.0_.1
mozilla firefox 2.0_.10
mozilla firefox 2.0.0.21
mozilla firefox 3.0.7
mozilla firefox 0.7
mozilla firefox 0.7.1
mozilla firefox 0.2
mozilla firefox 1.5.0.4
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.10
mozilla firefox 1.5.0.7
mozilla firefox 1.5
mozilla firefox 1.5.5
mozilla firefox 2.0.0.6
mozilla firefox 2.0.0.1
mozilla firefox 2.0
mozilla firefox 3.0.6
mozilla firefox 1.0.6
mozilla firefox 3.5
mozilla firefox 2.0.0.14
mozilla firefox 2.0.0.12
mozilla firefox 0.9
mozilla firefox 1.0.3
mozilla firefox 1.0.8
mozilla firefox 2.0_.9
mozilla firefox 2.0_8
mozilla firefox 1.4.1
mozilla firefox 2.0.0.15
mozilla firefox 0.6.1
mozilla firefox 0.6
mozilla firefox 0.1
mozilla firefox 2.0.0.7
mozilla firefox 1.5.0.12
mozilla firefox 1.5.0.9
mozilla firefox 1.5.0.6
mozilla firefox 1.5.7
mozilla firefox 1.5.6
mozilla firefox 2.0.0.2
mozilla firefox 3.0.2
mozilla firefox 2.0.0.13
mozilla firefox 3.0.10
mozilla firefox 3.0.9
mozilla firefox
mozilla firefox 0.10.1
mozilla firefox 0.9.1
mozilla firefox 1.0
mozilla firefox 3.0.5
mozilla firefox 2.0.0.9
mozilla firefox 2.0_.6
mozilla firefox 2.0_.7
mozilla firefox 2.0.0.16
mozilla firefox 2.0.0.11
mozilla firefox 0.4
mozilla firefox 0.5
mozilla firefox 1.5.0.3
mozilla firefox 1.5.0.11
mozilla firefox 1.5.1
mozilla firefox 1.5.2
mozilla firefox 1.5.0.8
mozilla firefox 1.8
mozilla firefox 1.5.8
mozilla firefox 2.0.0.3
mozilla firefox 0.9_rc
mozilla firefox 3.0.12
mozilla firefox 2.0.0.8
mozilla firefox 2.0.0.18
mozilla firefox 3.0.8
mozilla firefox 0.10
mozilla firefox 0.8
mozilla firefox 1.0.1
mozilla firefox 2.0.0.20
mozilla firefox 1.0.4
mozilla firefox 1.0.7
mozilla firefox 2.0_.4
mozilla firefox 2.0_.5
mozilla firefox 2.0.0.17
mozilla firefox 2.0.0.10
mozilla firefox 0.3
mozilla firefox 1.5.0.5
mozilla firefox 1.5.0.2
mozilla firefox 1.5.3
mozilla firefox 1.5.4
mozilla firefox 2.0.0.5
mozilla firefox 2.0.0.4
mozilla firefox 3.0.3
mozilla firefox 3.0.11
mozilla firefox 3.0.4

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic Updated firefox packages that fix several security issues are now availablefor Red Hat Enterprise Linux 4 and 5This update has been rated as having critical security impact by the RedHat Security Response Team ...

Mozilla Foundation Security Advisory 2009-45 Crashes with evidence of memory corruption (rv:1912/19013) Announced August 3, 2009 Reporter Mozilla developers and community Impact Critical Products Firefox Fixed in ...

CWE-399 http://www.mozilla.org/security/announce/2009/mfsa2009-45.html https://bugzilla.mozilla.org/show_bug.cgi?id=501270 http://www.vupen.com/english/advisories/2009/2142 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00198.html http://secunia.com/advisories/36126 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00261.html http://www.securityfocus.com/bid/35927 http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9806 https://access.redhat.com/errata/RHSA-2009:1162 https://nvd.nist.gov

Get Started

CVE-2009-2664

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect