CVE-2009-3382 - Vulnerability Details

layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mozilla	Firefox
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox:3.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.3:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.4:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.5:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.6:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.7:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.8:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.9:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.10:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.11:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.12:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.13:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.14:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 4
firefox-0:3.0.15-3.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2009:1530	2009-10-27T00:00:00Z
nspr-0:4.7.6-1.el4_8	cpe:/o:redhat:enterprise_linux:4	RHSA-2009:1530	2009-10-27T00:00:00Z
Red Hat Enterprise Linux 5
firefox-0:3.0.15-3.el5_4	cpe:/o:redhat:enterprise_linux:5	RHSA-2009:1530	2009-10-27T00:00:00Z
nspr-0:4.7.6-1.el5_4	cpe:/o:redhat:enterprise_linux:5	RHSA-2009:1530	2009-10-27T00:00:00Z
xulrunner-0:1.9.0.15-3.el5_4	cpe:/o:redhat:enterprise_linux:5	RHSA-2009:1530	2009-10-27T00:00:00Z

References

Link	Providers
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
http://www.mozilla.org/security/announce/2009/mfsa2009-64.html
http://www.vupen.com/english/advisories/2009/3334
https://bugzilla.mozilla.org/show_bug.cgi?id=514960
https://nvd.nist.gov/vuln/detail/CVE-2009-3382
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11219
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5581
https://www.cve.org/CVERecord?id=CVE-2009-3382

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-10-29T14:00:00

Updated: 2024-08-07T06:22:24.434Z

Reserved: 2009-09-24T00:00:00

Link: CVE-2009-3382

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-10-29T14:30:01.127

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-3382

Redhat

Severity : Critical

Publid Date: 2009-10-27T00:00:00Z

Links: CVE-2009-3382 - Bugzilla

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object