CVE-2009-1392: Code Injection
First published: Mon Jun 01 2009(Updated: )
Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Bob Clary, Jesse Ruderman, Alexander Sack, Bret McMillan, Tomeo Vizoso, Matt McCutchen, and Martijn Wargers reported crashes in the Firefox 3 browser engine.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla SeaMonkey | =1.1.10 | |
| Thunderbird | =1.5.0.7 | |
| Thunderbird | =0.6 | |
| Mozilla SeaMonkey | =1.0.3 | |
| Thunderbird | =0.7.2 | |
| Thunderbird | =2.0.0.4 | |
| Mozilla SeaMonkey | =1.1.8 | |
| Mozilla SeaMonkey | <=1.1.16 | |
| Firefox | =3.0.7 | |
| Mozilla SeaMonkey | =1.0.1 | |
| Mozilla SeaMonkey | =1.1.7 | |
| Thunderbird | =2.0.0.6 | |
| Firefox | =3.0.9 | |
| Mozilla SeaMonkey | =1.0.6 | |
| Mozilla SeaMonkey | =1.0.9 | |
| Thunderbird | =0.3 | |
| Mozilla SeaMonkey | =1.1.3 | |
| Thunderbird | =0.2 | |
| Mozilla SeaMonkey | =1.0 | |
| Firefox | =3.0.8 | |
| Thunderbird | =2.0_.5 | |
| Thunderbird | =1.0.7 | |
| Thunderbird | =2.0.0.18 | |
| Mozilla SeaMonkey | =1.0.99 | |
| Thunderbird | =2.0.0.9 | |
| Mozilla SeaMonkey | =1.1.5 | |
| Mozilla SeaMonkey | =1.0-beta | |
| Thunderbird | =2.0_.12 | |
| Thunderbird | =2.0.0.15 | |
| Firefox | =3.0.4 | |
| Mozilla SeaMonkey | =1.1-alpha | |
| Thunderbird | =2.0.0.16 | |
| Thunderbird | =2.0.0.8 | |
| Thunderbird | =2.0.0.7 | |
| Firefox | =3.0.5 | |
| Mozilla SeaMonkey | =1.0-alpha | |
| Thunderbird | =1.7.1 | |
| Thunderbird | =2.0_8 | |
| Thunderbird | =1.5.0.3 | |
| Thunderbird | =1.5.0.10 | |
| Thunderbird | =1.5.0.5 | |
| Thunderbird | =1.5.0.6 | |
| Mozilla SeaMonkey | =1.1.12 | |
| Mozilla SeaMonkey | =1.1 | |
| Thunderbird | =1.0 | |
| Thunderbird | =2.0.0.3 | |
| Thunderbird | =1.0.1 | |
| Thunderbird | =1.5-beta2 | |
| Firefox | =3.0-beta2 | |
| Thunderbird | =2.0.0.2 | |
| Mozilla SeaMonkey | =1.0 | |
| Firefox | =3.0.10 | |
| Mozilla SeaMonkey | =1.0.8 | |
| Thunderbird | =1.0.2 | |
| Thunderbird | =2.0.0.0 | |
| Thunderbird | =1.5.0.13 | |
| Mozilla SeaMonkey | =1.1.11 | |
| Firefox | =3.0.3 | |
| Mozilla SeaMonkey | =1.1-beta | |
| Mozilla SeaMonkey | =1.1.1 | |
| Thunderbird | =2.0.0.12 | |
| Thunderbird | =1.5 | |
| Thunderbird | =1.5.0.2 | |
| Mozilla SeaMonkey | =1.1.5-1.1.10 | |
| Thunderbird | =2.0.0.13 | |
| Mozilla SeaMonkey | =1.1.15 | |
| Thunderbird | =2.0_.9 | |
| Firefox | =3.0.6 | |
| Thunderbird | =1.5.0.8 | |
| Thunderbird | =2.0.0.14 | |
| Thunderbird | =0.5 | |
| Thunderbird | =1.0.4 | |
| Thunderbird | =1.5.2 | |
| Thunderbird | =2.0.0.17 | |
| Thunderbird | <=2.0.0.19 | |
| Thunderbird | =1.5.0.9 | |
| Thunderbird | =1.5.0.11 | |
| Thunderbird | =0.9 | |
| Thunderbird | =1.0.3 | |
| Mozilla SeaMonkey | =1.1.6 | |
| Thunderbird | =2.0.0.11 | |
| Thunderbird | =1.5.0.12 | |
| Thunderbird | =2.0_.13 | |
| Firefox | =3.0 | |
| Firefox | =3.0.1 | |
| Thunderbird | =2.0_.14 | |
| Thunderbird | =0.7.3 | |
| Mozilla SeaMonkey | =1.0 | |
| Thunderbird | =0.4 | |
| Mozilla SeaMonkey | =1.0 | |
| Thunderbird | =1.5.1 | |
| Thunderbird | =0.7 | |
| Thunderbird | =1.5.0.14 | |
| Thunderbird | =1.0.6 | |
| Firefox | =3.0.2 | |
| Thunderbird | =1.0.5-beta | |
| Thunderbird | =2.0.0.5 | |
| Thunderbird | =1.7.3 | |
| Mozilla SeaMonkey | =1.0.4 | |
| Thunderbird | =2.0.0.1 | |
| Mozilla SeaMonkey | =1.1.9 | |
| Mozilla SeaMonkey | =1.1.13 | |
| Thunderbird | =1.5.0.1 | |
| Thunderbird | =2.0_.4 | |
| Thunderbird | =1.0.8 | |
| Thunderbird | =0.1 | |
| Thunderbird | =0.7.1 | |
| Thunderbird | =1.0.5 | |
| Thunderbird | =0.8 | |
| Thunderbird | =2.0_.6 | |
| Firefox | =3.0-alpha | |
| Thunderbird | =1.5.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://rhn.redhat.com/errata/RHSA-2009-1095.html
- https://rhn.redhat.com/errata/RHSA-2009-1096.html
- https://rhn.redhat.com/errata/RHSA-2009-1126.html
- https://rhn.redhat.com/errata/RHSA-2009-1125.html
- https://bugzilla.redhat.com/show_bug.cgi?id=503568
- https://bugzilla.mozilla.org/show_bug.cgi?id=490425
- https://bugzilla.mozilla.org/show_bug.cgi?id=490410
- http://www.securityfocus.com/bid/35326
- https://bugzilla.mozilla.org/show_bug.cgi?id=429969
- http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
- http://secunia.com/advisories/35331
- http://secunia.com/advisories/35431
- https://bugzilla.mozilla.org/show_bug.cgi?id=380359
- https://bugzilla.mozilla.org/show_bug.cgi?id=451341
- https://bugzilla.mozilla.org/show_bug.cgi?id=490513
- https://bugzilla.mozilla.org/show_bug.cgi?id=472776
- http://secunia.com/advisories/35440
- https://bugzilla.mozilla.org/show_bug.cgi?id=431086
- https://bugzilla.mozilla.org/show_bug.cgi?id=432068
- https://bugzilla.mozilla.org/show_bug.cgi?id=486398
- https://bugzilla.mozilla.org/show_bug.cgi?id=489041
- http://secunia.com/advisories/35428
- http://securitytracker.com/id?1022376
- http://secunia.com/advisories/35439
- http://www.vupen.com/english/advisories/2009/1572
- http://rhn.redhat.com/errata/RHSA-2009-1096.html
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html
- http://www.securityfocus.com/bid/35370
- http://www.securitytracker.com/id?1022397
- http://osvdb.org/55145
- http://osvdb.org/55147
- http://osvdb.org/55144
- http://osvdb.org/55146
- http://www.debian.org/security/2009/dsa-1820
- http://secunia.com/advisories/35468
- http://www.redhat.com/support/errata/RHSA-2009-1125.html
- http://www.ubuntu.com/usn/usn-782-1
- http://www.redhat.com/support/errata/RHSA-2009-1126.html
- http://secunia.com/advisories/35536
- http://secunia.com/advisories/35602
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
- http://secunia.com/advisories/35561
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
- http://secunia.com/advisories/35415
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1
- http://www.vupen.com/english/advisories/2009/2152
- http://www.debian.org/security/2009/dsa-1830
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9501
Frequently Asked Questions
What is the severity of CVE-2009-1392?
The severity of CVE-2009-1392 is high, as it involves potential memory corruption leading to crashes.
How do I fix CVE-2009-1392?
To fix CVE-2009-1392, upgrade your Mozilla Firefox, SeaMonkey, or Thunderbird to the latest version that addresses this vulnerability.
What versions are affected by CVE-2009-1392?
CVE-2009-1392 affects specific versions of Mozilla Firefox, SeaMonkey, and Thunderbird, including Firefox 3.0.7 and SeaMonkey 1.1.10.
What products are impacted by CVE-2009-1392?
CVE-2009-1392 impacts Mozilla Firefox, Mozilla SeaMonkey, and Mozilla Thunderbird.
Is CVE-2009-1392 a remote code execution vulnerability?
CVE-2009-1392 does not explicitly indicate remote code execution but involves memory corruption which could potentially lead to such risks.
- agent/first-publish-date
- agent/remedy
- agent/type
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-1392
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.1.10
- canonical/thunderbird
- version/thunderbird/1.5.0.7
- version/thunderbird/0.6
- version/mozilla seamonkey/1.0.3
- version/thunderbird/0.7.2
- version/thunderbird/2.0.0.4
- version/mozilla seamonkey/1.1.8
- version/mozilla seamonkey/1.1.16
- canonical/firefox
- version/firefox/3.0.7
- version/mozilla seamonkey/1.0.1
- version/mozilla seamonkey/1.1.7
- version/thunderbird/2.0.0.6
- version/firefox/3.0.9
- version/mozilla seamonkey/1.0.6
- version/mozilla seamonkey/1.0.9
- version/thunderbird/0.3
- version/mozilla seamonkey/1.1.3
- version/thunderbird/0.2
- version/mozilla seamonkey/1.0
- version/firefox/3.0.8
- version/thunderbird/2.0_.5
- version/thunderbird/1.0.7
- version/thunderbird/2.0.0.18
- version/mozilla seamonkey/1.0.99
- version/thunderbird/2.0.0.9
- version/mozilla seamonkey/1.1.5
- version/mozilla seamonkey/1.0-beta
- version/thunderbird/2.0_.12
- version/thunderbird/2.0.0.15
- version/firefox/3.0.4
- version/mozilla seamonkey/1.1-alpha
- version/thunderbird/2.0.0.16
- version/thunderbird/2.0.0.8
- version/thunderbird/2.0.0.7
- version/firefox/3.0.5
- version/mozilla seamonkey/1.0-alpha
- version/thunderbird/1.7.1
- version/thunderbird/2.0_8
- version/thunderbird/1.5.0.3
- version/thunderbird/1.5.0.10
- version/thunderbird/1.5.0.5
- version/thunderbird/1.5.0.6
- version/mozilla seamonkey/1.1.12
- version/mozilla seamonkey/1.1
- version/thunderbird/1.0
- version/thunderbird/2.0.0.3
- version/thunderbird/1.0.1
- version/thunderbird/1.5-beta2
- version/firefox/3.0-beta2
- version/thunderbird/2.0.0.2
- version/firefox/3.0.10
- version/mozilla seamonkey/1.0.8
- version/thunderbird/1.0.2
- version/thunderbird/2.0.0.0
- version/thunderbird/1.5.0.13
- version/mozilla seamonkey/1.1.11
- version/firefox/3.0.3
- version/mozilla seamonkey/1.1-beta
- version/mozilla seamonkey/1.1.1
- version/thunderbird/2.0.0.12
- version/thunderbird/1.5
- version/thunderbird/1.5.0.2
- version/mozilla seamonkey/1.1.5-1.1.10
- version/thunderbird/2.0.0.13
- version/mozilla seamonkey/1.1.15
- version/thunderbird/2.0_.9
- version/firefox/3.0.6
- version/thunderbird/1.5.0.8
- version/thunderbird/2.0.0.14
- version/thunderbird/0.5
- version/thunderbird/1.0.4
- version/thunderbird/1.5.2
- version/thunderbird/2.0.0.17
- version/thunderbird/2.0.0.19
- version/thunderbird/1.5.0.9
- version/thunderbird/1.5.0.11
- version/thunderbird/0.9
- version/thunderbird/1.0.3
- version/mozilla seamonkey/1.1.6
- version/thunderbird/2.0.0.11
- version/thunderbird/1.5.0.12
- version/thunderbird/2.0_.13
- version/firefox/3.0
- version/firefox/3.0.1
- version/thunderbird/2.0_.14
- version/thunderbird/0.7.3
- version/thunderbird/0.4
- version/thunderbird/1.5.1
- version/thunderbird/0.7
- version/thunderbird/1.5.0.14
- version/thunderbird/1.0.6
- version/firefox/3.0.2
- version/thunderbird/1.0.5-beta
- version/thunderbird/2.0.0.5
- version/thunderbird/1.7.3
- version/mozilla seamonkey/1.0.4
- version/thunderbird/2.0.0.1
- version/mozilla seamonkey/1.1.9
- version/mozilla seamonkey/1.1.13
- version/thunderbird/1.5.0.1
- version/thunderbird/2.0_.4
- version/thunderbird/1.0.8
- version/thunderbird/0.1
- version/thunderbird/0.7.1
- version/thunderbird/1.0.5
- version/thunderbird/0.8
- version/thunderbird/2.0_.6
- version/firefox/3.0-alpha
- version/thunderbird/1.5.0.4