You are here

CVE-2009-2467

Vincent (CVE) Danen's picture
Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script dialog, and the unloading of the Flash plugin, which triggers attempted use of a deleted object.

Details Source

Mitre

Public Date

2009-07-21 00:00:00

Impact

Critical

Bugzilla

CVE-2009-2467 Mozilla remote code execution during Flash player unloading

Bugzilla ID

512 137

CVSS Status

verified

Base Score

6.80

Base Metrics

AV:N/AC:M/Au:N/C:P/I:P/A:P

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 RHSA-2009:1162 2009-07-22
Red Hat Enterprise Linux 4 (firefox) RHSA-2009:1162 2009-07-22

Affected Packages State

Platform Package State
Red Hat Enterprise Linux version 5 xulrunner 1.9.0.12-1.el5_3 Fixed