CVE-2009-1302

The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	3.0 (including)	3.0 (including)
Firefox	Mozilla	3.0.1 (including)	3.0.1 (including)
Firefox	Mozilla	3.0.2 (including)	3.0.2 (including)
Firefox	Mozilla	3.0.3 (including)	3.0.3 (including)
Firefox	Mozilla	3.0.4 (including)	3.0.4 (including)
Firefox	Mozilla	3.0.5 (including)	3.0.5 (including)
Firefox	Mozilla	3.0.6 (including)	3.0.6 (including)
Firefox	Mozilla	3.0.7 (including)	3.0.7 (including)
Firefox	Mozilla	3.0.8 (including)	3.0.8 (including)
Seamonkey	Mozilla	*	1.1.13 (including)
Seamonkey	Mozilla	1.0 (including)	1.0 (including)
Seamonkey	Mozilla	1.0.1 (including)	1.0.1 (including)
Seamonkey	Mozilla	1.0.2 (including)	1.0.2 (including)
Seamonkey	Mozilla	1.0.3 (including)	1.0.3 (including)
Seamonkey	Mozilla	1.0.5 (including)	1.0.5 (including)
Seamonkey	Mozilla	1.0.6 (including)	1.0.6 (including)
Seamonkey	Mozilla	1.0.7 (including)	1.0.7 (including)
Seamonkey	Mozilla	1.0.8 (including)	1.0.8 (including)
Seamonkey	Mozilla	1.0.9 (including)	1.0.9 (including)
Seamonkey	Mozilla	1.1 (including)	1.1 (including)
Seamonkey	Mozilla	1.1-alpha (including)	1.1-alpha (including)
Seamonkey	Mozilla	1.1-beta (including)	1.1-beta (including)
Seamonkey	Mozilla	1.1.1 (including)	1.1.1 (including)
Seamonkey	Mozilla	1.1.2 (including)	1.1.2 (including)
Seamonkey	Mozilla	1.1.3 (including)	1.1.3 (including)
Seamonkey	Mozilla	1.1.4 (including)	1.1.4 (including)
Seamonkey	Mozilla	1.1.5 (including)	1.1.5 (including)
Seamonkey	Mozilla	1.1.6 (including)	1.1.6 (including)
Seamonkey	Mozilla	1.1.7 (including)	1.1.7 (including)
Seamonkey	Mozilla	1.1.8 (including)	1.1.8 (including)
Seamonkey	Mozilla	1.1.9 (including)	1.1.9 (including)
Seamonkey	Mozilla	1.1.10 (including)	1.1.10 (including)
Seamonkey	Mozilla	1.1.11 (including)	1.1.11 (including)
Seamonkey	Mozilla	1.1.12 (including)	1.1.12 (including)
Seamonkey	Mozilla	1.1.14 (including)	1.1.14 (including)
Seamonkey	Mozilla	1.1.15 (including)	1.1.15 (including)
Thunderbird	Mozilla	*	2.0.0.19 (including)
Thunderbird	Mozilla	1.0 (including)	1.0 (including)
Thunderbird	Mozilla	1.0.1 (including)	1.0.1 (including)
Thunderbird	Mozilla	1.0.2 (including)	1.0.2 (including)
Thunderbird	Mozilla	1.0.3 (including)	1.0.3 (including)
Thunderbird	Mozilla	1.0.4 (including)	1.0.4 (including)
Thunderbird	Mozilla	1.0.5 (including)	1.0.5 (including)
Thunderbird	Mozilla	1.0.5-beta (including)	1.0.5-beta (including)
Thunderbird	Mozilla	1.0.6 (including)	1.0.6 (including)
Thunderbird	Mozilla	1.0.7 (including)	1.0.7 (including)
Thunderbird	Mozilla	1.0.8 (including)	1.0.8 (including)
Thunderbird	Mozilla	1.5 (including)	1.5 (including)
Thunderbird	Mozilla	1.5-beta2 (including)	1.5-beta2 (including)
Thunderbird	Mozilla	1.5.0.1 (including)	1.5.0.1 (including)
Thunderbird	Mozilla	1.5.0.2 (including)	1.5.0.2 (including)
Thunderbird	Mozilla	1.5.0.3 (including)	1.5.0.3 (including)
Thunderbird	Mozilla	1.5.0.4 (including)	1.5.0.4 (including)
Thunderbird	Mozilla	1.5.0.5 (including)	1.5.0.5 (including)
Thunderbird	Mozilla	1.5.0.6 (including)	1.5.0.6 (including)
Thunderbird	Mozilla	1.5.0.7 (including)	1.5.0.7 (including)
Thunderbird	Mozilla	1.5.0.8 (including)	1.5.0.8 (including)
Thunderbird	Mozilla	1.5.0.9 (including)	1.5.0.9 (including)
Thunderbird	Mozilla	1.5.0.10 (including)	1.5.0.10 (including)
Thunderbird	Mozilla	1.5.0.11 (including)	1.5.0.11 (including)
Thunderbird	Mozilla	1.5.0.12 (including)	1.5.0.12 (including)
Thunderbird	Mozilla	1.5.0.13 (including)	1.5.0.13 (including)
Thunderbird	Mozilla	1.5.0.14 (including)	1.5.0.14 (including)
Thunderbird	Mozilla	1.5.1 (including)	1.5.1 (including)
Thunderbird	Mozilla	1.5.2 (including)	1.5.2 (including)
Thunderbird	Mozilla	2.0.0.0 (including)	2.0.0.0 (including)
Thunderbird	Mozilla	2.0.0.4 (including)	2.0.0.4 (including)
Thunderbird	Mozilla	2.0.0.5 (including)	2.0.0.5 (including)
Thunderbird	Mozilla	2.0.0.6 (including)	2.0.0.6 (including)
Thunderbird	Mozilla	2.0.0.9 (including)	2.0.0.9 (including)
Thunderbird	Mozilla	2.0.0.12 (including)	2.0.0.12 (including)
Thunderbird	Mozilla	2.0.0.14 (including)	2.0.0.14 (including)
Thunderbird	Mozilla	2.0.0.16 (including)	2.0.0.16 (including)
Thunderbird	Mozilla	2.0.0.17 (including)	2.0.0.17 (including)
Thunderbird	Mozilla	2.0.0.18 (including)	2.0.0.18 (including)
Thunderbird	Mozilla	2.0.0.20 (including)	2.0.0.20 (including)
Thunderbird	Mozilla	2.0.0.21 (including)	2.0.0.21 (including)
Red Hat Enterprise Linux 4	RedHat	firefox-0:3.0.9-1.el4	*
Red Hat Enterprise Linux 5	RedHat	firefox-0:3.0.9-1.el5	*
Red Hat Enterprise Linux 5	RedHat	xulrunner-0:1.9.0.9-1.el5	*
Firefox	Ubuntu	dapper	*
Firefox	Ubuntu	hardy	*
Seamonkey	Ubuntu	devel	*
Seamonkey	Ubuntu	hardy	*
Seamonkey	Ubuntu	intrepid	*
Seamonkey	Ubuntu	jaunty	*
Seamonkey	Ubuntu	karmic	*
Seamonkey	Ubuntu	lucid	*
Seamonkey	Ubuntu	maverick	*
Seamonkey	Ubuntu	natty	*
Seamonkey	Ubuntu	oneiric	*
Thunderbird	Ubuntu	upstream	*
Xulrunner	Ubuntu	hardy	*
Xulrunner	Ubuntu	intrepid	*
Xulrunner	Ubuntu	jaunty	*
Xulrunner	Ubuntu	karmic	*
Xulrunner-1.9	Ubuntu	gutsy	*
Xulrunner-1.9	Ubuntu	hardy	*
Xulrunner-1.9	Ubuntu	intrepid	*
Xulrunner-1.9	Ubuntu	jaunty	*
Xulrunner-1.9.1	Ubuntu	jaunty	*
Xulrunner-1.9.1	Ubuntu	karmic	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-1302
CWE	https://cwe.mitre.org/data/definitions/399.html

Affected Software

References