Published: 29/10/2009 Updated: 30/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Heap-based buffer overflow in the GIF image parser in Mozilla Firefox prior to 3.0.15 and 3.5.x prior to 3.5.4, and SeaMonkey prior to 2.0, allows remote malicious users to execute arbitrary code via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 3.0.11
mozilla firefox 3.0.12
mozilla firefox 3.0.7
mozilla firefox 3.0.8
mozilla seamonkey 1.0.6
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0
mozilla seamonkey 1.1.16
mozilla seamonkey 1.1.3
mozilla seamonkey 1.1.8
mozilla seamonkey 1.1.7
mozilla seamonkey 1.5.0.9
mozilla seamonkey
mozilla firefox 3.0.1
mozilla firefox 3.0.10
mozilla firefox 3.0.3
mozilla firefox 3.0.2
mozilla seamonkey 1.0.8
mozilla seamonkey 1.0.7
mozilla seamonkey 1.0.2
mozilla seamonkey 1.0.9
mozilla seamonkey 1.1.15
mozilla seamonkey 1.1.4
mozilla seamonkey 1.1.9
mozilla seamonkey 1.1.5
mozilla seamonkey 1.5.0.8
mozilla firefox 3.0.5
mozilla firefox 3.0.4
mozilla firefox 3.5.1
mozilla firefox 3.5.2
mozilla firefox 3.5.3
mozilla seamonkey 1.0.4
mozilla seamonkey 1.0.3
mozilla seamonkey 1.1.14
mozilla seamonkey 1.1.12
mozilla seamonkey 1.1.11
mozilla seamonkey 1.1.6
mozilla seamonkey 1.1
mozilla firefox 3.0
mozilla firefox 3.0.13
mozilla firefox 3.0.6
mozilla firefox 3.0.9
mozilla seamonkey 1.0.5
mozilla seamonkey 1.1.1
mozilla seamonkey 1.1.10
mozilla seamonkey 1.1.17
mozilla seamonkey 1.1.2
mozilla seamonkey 1.1.13
mozilla firefox 3.0.14

Alin Rad Pop discovered a heap-based buffer overflow in Firefox when it converted strings to floating point numbers If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2009-1563) ...

USN-853-1 fixed vulnerabilities in Firefox and Xulrunner The upstream changes introduced regressions that could lead to crashes when processing certain malformed GIF images, fonts and web pages This update fixes the problem ...

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3380 Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero, David Keeler and Boris Zbars ...

Mozilla Foundation Security Advisory 2009-56 Heap buffer overflow in GIF color map parser Announced October 27, 2009 Reporter regenrecht, iDefense Impact Critical Products Firefox, SeaMonkey Fixed in ...

source: wwwsecurityfocuscom/bid/36855/info Mozilla Firefox and SeaMonkey are prone to a heap-based buffer-overflow vulnerability An attacker can exploit this issue to execute arbitrary code and to cause denial-of-service conditions by tricking a victim into visiting a malicious webpage NOTE: This issue was previously covered in BID 36 ...

CWE-119 https://bugzilla.mozilla.org/show_bug.cgi?id=511689 http://www.mozilla.org/security/announce/2009/mfsa2009-56.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:294 http://www.vupen.com/english/advisories/2009/3334 http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6548 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10684 https://nvd.nist.gov https://usn.ubuntu.com/853-1/https://www.exploit-db.com/exploits/33313/

CVE-2009-3373

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect