Vulnerability Details : CVE-2009-3933
WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions.
Vulnerability category: Denial of service
Products affected by CVE-2009-3933
- cpe:2.3:a:webkit:webkit:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-3933
4.97%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-3933
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2009-3933
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-3933
-
http://src.chromium.org/viewvc/chrome/branches/195/src/webkit/webkit.gyp?r1=30311&r2=30310
-
http://www.vupen.com/english/advisories/2011/0212
Webmail | OVH- OVH
-
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2011:002
-
http://trac.webkit.org/changeset/50173
-
http://src.chromium.org/viewvc/chrome?view=rev&revision=30311
-
http://code.google.com/p/chromium/issues/detail?id=25892
-
http://codereview.chromium.org/339039
Patch
-
https://bugs.webkit.org/show_bug.cgi?id=30833
-
http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html
Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/54297
Jump to