CVE-2009-1571: Code Injection
First published: Mon Feb 22 2010(Updated: )
Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.
Credit: PSIRT-CNA@flexerasoftware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla SeaMonkey | =1.1.10 | |
| Mozilla SeaMonkey | =1.0.3 | |
| Firefox | =3.0.17 | |
| Firefox | =3.5.3 | |
| Mozilla SeaMonkey | =1.1.8 | |
| Firefox | =3.0.7 | |
| Mozilla SeaMonkey | =1.0.1 | |
| Mozilla SeaMonkey | =1.1.7 | |
| Firefox | =3.0.9 | |
| Mozilla SeaMonkey | =1.0.6 | |
| Mozilla SeaMonkey | =1.0.9 | |
| Mozilla SeaMonkey | =1.1.3 | |
| Mozilla SeaMonkey | =1.0 | |
| Firefox | =3.5.6 | |
| Firefox | =3.0.8 | |
| Mozilla SeaMonkey | =2.0.2 | |
| Mozilla SeaMonkey | =1.1.17 | |
| Mozilla SeaMonkey | =2.0-alpha_2 | |
| Mozilla SeaMonkey | =1.1.5 | |
| Mozilla SeaMonkey | =1.0.7 | |
| Firefox | =3.5 | |
| Mozilla SeaMonkey | =1.0-beta | |
| Firefox | =3.5.5 | |
| Firefox | =3.0.4 | |
| Mozilla SeaMonkey | =2.0-rc2 | |
| Mozilla SeaMonkey | =2.0-alpha_3 | |
| Firefox | =3.5.4 | |
| Firefox | =3.5.7 | |
| Firefox | =3.0.5 | |
| Mozilla SeaMonkey | =1.0-alpha | |
| Mozilla SeaMonkey | =1.1.12 | |
| Firefox | =3.5.1 | |
| Mozilla SeaMonkey | =1.1 | |
| Firefox | =3.0.14 | |
| Firefox | =3.5.2 | |
| Mozilla SeaMonkey | =1.1.14 | |
| Firefox | =3.0-beta2 | |
| Mozilla SeaMonkey | =1.1.2 | |
| Mozilla SeaMonkey | =2.0-beta_2 | |
| Firefox | =3.0.10 | |
| Mozilla SeaMonkey | =1.0.2 | |
| Mozilla SeaMonkey | =1.0.8 | |
| Mozilla SeaMonkey | =1.1.11 | |
| Firefox | =3.0.12 | |
| Firefox | =3.0.3 | |
| Mozilla SeaMonkey | =1.1.1 | |
| Mozilla SeaMonkey | =2.0.1 | |
| Mozilla SeaMonkey | =1.0.5 | |
| Mozilla SeaMonkey | =1.1.15 | |
| Firefox | =3.0.6 | |
| Firefox | =3.0.15 | |
| Mozilla SeaMonkey | =1.1.6 | |
| Firefox | =3.0 | |
| Mozilla SeaMonkey | =1.1.16 | |
| Firefox | =3.0.1 | |
| Mozilla SeaMonkey | =2.0-beta_1 | |
| Firefox | =3.0.2 | |
| Mozilla SeaMonkey | =2.0-rc1 | |
| Mozilla SeaMonkey | =1.0.4 | |
| Mozilla SeaMonkey | =1.1.9 | |
| Mozilla SeaMonkey | =1.1.13 | |
| Firefox | =3.0-beta5 | |
| Firefox | =3.0.13 | |
| Mozilla SeaMonkey | =2.0 | |
| Firefox | =3.0-alpha | |
| Mozilla SeaMonkey | =1.1.4 | |
| Firefox | =3.0.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=526500
- http://secunia.com/advisories/37242
- http://secunia.com/secunia_research/2009-45/
- http://www.mozilla.org/security/announce/2010/mfsa2010-03.html
- http://www.vupen.com/english/advisories/2010/0405
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html
- http://www.redhat.com/support/errata/RHSA-2010-0112.html
- http://www.ubuntu.com/usn/USN-895-1
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html
- http://www.ubuntu.com/usn/USN-896-1
- http://www.debian.org/security/2010/dsa-1999
- http://www.redhat.com/support/errata/RHSA-2010-0113.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:042
- http://secunia.com/advisories/38770
- http://www.redhat.com/support/errata/RHSA-2010-0154.html
- http://www.redhat.com/support/errata/RHSA-2010-0153.html
- http://www.vupen.com/english/advisories/2010/0650
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:051
- http://secunia.com/advisories/38772
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html
- http://secunia.com/advisories/38847
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56361
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8615
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11227
- http://www.securityfocus.com/archive/1/509585/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2009-1571?
The severity of CVE-2009-1571 is classified as critical due to the potential for remote code execution.
How do I fix CVE-2009-1571?
To fix CVE-2009-1571, users should update their Mozilla Firefox, Thunderbird, or SeaMonkey to the latest versions that include the security patches.
Which versions are affected by CVE-2009-1571?
CVE-2009-1571 affects Mozilla Firefox versions 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3.
What type of vulnerability is CVE-2009-1571?
CVE-2009-1571 is categorized as a use-after-free vulnerability in the HTML parser.
Can CVE-2009-1571 be exploited remotely?
Yes, CVE-2009-1571 can be exploited remotely by attackers to execute arbitrary code.
- agent/weakness
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/author
- agent/severity
- agent/description
- agent/event
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- vendor/mozilla
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.1.10
- version/mozilla seamonkey/1.0.3
- canonical/firefox
- version/firefox/3.0.17
- version/firefox/3.5.3
- version/mozilla seamonkey/1.1.8
- version/firefox/3.0.7
- version/mozilla seamonkey/1.0.1
- version/mozilla seamonkey/1.1.7
- version/firefox/3.0.9
- version/mozilla seamonkey/1.0.6
- version/mozilla seamonkey/1.0.9
- version/mozilla seamonkey/1.1.3
- version/mozilla seamonkey/1.0
- version/firefox/3.5.6
- version/firefox/3.0.8
- version/mozilla seamonkey/2.0.2
- version/mozilla seamonkey/1.1.17
- version/mozilla seamonkey/2.0-alpha_2
- version/mozilla seamonkey/1.1.5
- version/mozilla seamonkey/1.0.7
- version/firefox/3.5
- version/mozilla seamonkey/1.0-beta
- version/firefox/3.5.5
- version/firefox/3.0.4
- version/mozilla seamonkey/2.0-rc2
- version/mozilla seamonkey/2.0-alpha_3
- version/firefox/3.5.4
- version/firefox/3.5.7
- version/firefox/3.0.5
- version/mozilla seamonkey/1.0-alpha
- version/mozilla seamonkey/1.1.12
- version/firefox/3.5.1
- version/mozilla seamonkey/1.1
- version/firefox/3.0.14
- version/firefox/3.5.2
- version/mozilla seamonkey/1.1.14
- version/firefox/3.0-beta2
- version/mozilla seamonkey/1.1.2
- version/mozilla seamonkey/2.0-beta_2
- version/firefox/3.0.10
- version/mozilla seamonkey/1.0.2
- version/mozilla seamonkey/1.0.8
- version/mozilla seamonkey/1.1.11
- version/firefox/3.0.12
- version/firefox/3.0.3
- version/mozilla seamonkey/1.1.1
- version/mozilla seamonkey/2.0.1
- version/mozilla seamonkey/1.0.5
- version/mozilla seamonkey/1.1.15
- version/firefox/3.0.6
- version/firefox/3.0.15
- version/mozilla seamonkey/1.1.6
- version/firefox/3.0
- version/mozilla seamonkey/1.1.16
- version/firefox/3.0.1
- version/mozilla seamonkey/2.0-beta_1
- version/firefox/3.0.2
- version/mozilla seamonkey/2.0-rc1
- version/mozilla seamonkey/1.0.4
- version/mozilla seamonkey/1.1.9
- version/mozilla seamonkey/1.1.13
- version/firefox/3.0-beta5
- version/firefox/3.0.13
- version/mozilla seamonkey/2.0
- version/firefox/3.0-alpha
- version/mozilla seamonkey/1.1.4
- version/firefox/3.0.11