9.3
CVSSv2

CVE-2009-3077

Published: 10/09/2009 Updated: 19/09/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Mozilla Firefox prior to 3.0.14, and 3.5.x prior to 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."

Affected Products

Vendor Product Versions
MozillaFirefox0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.6.1, 0.7, 0.7.1, 0.8, 0.9, 0.9.1, 0.9.2, 0.9.3, 0.9 Rc, 0.10, 0.10.1, 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.4.1, 1.5, 1.5.0.1, 1.5.0.2, 1.5.0.3, 1.5.0.4, 1.5.0.5, 1.5.0.6, 1.5.0.7, 1.5.0.8, 1.5.0.9, 1.5.0.10, 1.5.0.11, 1.5.0.12, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.8, 2.0, 2.0.0.1, 2.0.0.2, 2.0.0.3, 2.0.0.4, 2.0.0.5, 2.0.0.6, 2.0.0.7, 2.0.0.8, 2.0.0.9, 2.0.0.10, 2.0.0.11, 2.0.0.12, 2.0.0.13, 2.0.0.14, 2.0.0.15, 2.0.0.16, 2.0.0.17, 2.0.0.18, 2.0.0.19, 2.0.0.20, 2.0.0.21, 2.0 .1, 2.0 .4, 2.0 .5, 2.0 .6, 2.0 .7, 2.0 .9, 2.0 .10, 2.0 8, 3.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.5, 3.5.1, 3.5.2

Vendor Advisories

TreeColumns dangling pointer vulnerability Announced September 9, 2009 Reporter TippingPoint ZDI Impact Critical Products Firefox Fixed in Firefox ...
Synopsis Moderate: thunderbird security update Type/Severity Security Advisory: Moderate Topic An updated thunderbird package that fixes several security issues is nowavailable for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common V ...
Synopsis Moderate: thunderbird security update Type/Severity Security Advisory: Moderate Topic An updated thunderbird package that fixes several security issues is nowavailable for Red Hat Enterprise Linux 4The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common V ...
Several flaws were discovered in the Firefox browser and JavaScript engines If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075) ...
Several flaws were discovered in the JavaScript engine of Thunderbird If a user had JavaScript enabled and were tricked into viewing malicious web content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2009-0689, CVE-2009-2463, CVE-2009-3075) ...
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3070 Jesse Ruderman discovered crashes in the layout engine, which might allow the execution of arbitra ...