Vulnerability Details : CVE-2009-1313
The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Products affected by CVE-2009-1313
- cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-1313
93.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-1313
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2009-1313
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-1313
-
https://rhn.redhat.com/errata/RHSA-2009-0449.html
-
http://securitytracker.com/id?1022126
-
https://bugzilla.mozilla.org/show_bug.cgi?id=489647
-
http://www.securityfocus.com/bid/34743
-
http://www.vupen.com/english/advisories/2009/1180
-
http://www.mozilla.org/security/announce/2009/mfsa2009-23.html
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.350967
-
https://bugzilla.mozilla.org/show_bug.cgi?id=489676
-
http://www.ubuntu.com/usn/USN-765-1
-
http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
-
http://securitytracker.com/id?1022127
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10446
-
https://bugzilla.redhat.com/show_bug.cgi?id=497447
-
https://bugzilla.mozilla.org/show_bug.cgi?id=490233
Jump to