You are here

CVE-2009-3075

Vincent (CVE) Danen's picture
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors.

Details Source

Mitre

Public Date

2009-09-09 00:00:00

Impact

Critical

Bugzilla

CVE-2009-3075 Firefox 3.5.2 3.0.14 JavaScript engine crashes

Bugzilla ID

521 691

CVSS Status

verified

Base Score

6.80

Base Metrics

AV:N/AC:M/Au:N/C:P/I:P/A:P

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 4 (seamonkey) RHSA-2009:1431 2009-09-09
Red Hat Enterprise Linux 4 RHSA-2009:1430 2009-09-09
Red Hat Enterprise Linux 5 RHSA-2009:1430 2009-09-09
Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) (thunderbird) RHSA-2010:0153 2010-03-17
Red Hat Enterprise Linux 4 (thunderbird) RHSA-2010:0154 2010-03-17
Red Hat Enterprise Linux 3 (seamonkey) RHSA-2009:1432 2009-09-09
Red Hat Enterprise Linux 5 (thunderbird) RHSA-2010:0153 2010-03-17

Affected Packages State

Platform Package State
Red Hat Enterprise Linux version 5 xulrunner 1.9.0.14-1.el5_4 Fixed
Red Hat Enterprise Linux version 5 nspr 4.7.5-1.el5_4 Fixed
Red Hat Enterprise Linux version 4 nspr 4.7.5-1.el4_8 Fixed