CVE-2009-3933

First published: Thu Nov 12 2009(Updated: )

WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Webkit Webkit	<=r50173
Google Chrome	<=3.0.195.24
Google Chrome	=0.2.149.27
Google Chrome	=0.2.149.29
Google Chrome	=0.2.149.30
Google Chrome	=0.2.152.1
Google Chrome	=0.2.153.1
Google Chrome	=0.3.154.0
Google Chrome	=0.3.154.3
Google Chrome	=0.4.154.18
Google Chrome	=0.4.154.22
Google Chrome	=0.4.154.31
Google Chrome	=0.4.154.33
Google Chrome	=1.0.154.36
Google Chrome	=1.0.154.39
Google Chrome	=1.0.154.42
Google Chrome	=1.0.154.43
Google Chrome	=1.0.154.46
Google Chrome	=1.0.154.48
Google Chrome	=1.0.154.52
Google Chrome	=1.0.154.53
Google Chrome	=1.0.154.59
Google Chrome	=1.0.154.65
Google Chrome	=2.0.156.1
Google Chrome	=2.0.157.0
Google Chrome	=2.0.157.2
Google Chrome	=2.0.158.0
Google Chrome	=2.0.159.0
Google Chrome	=2.0.169.0
Google Chrome	=2.0.169.1
Google Chrome	=2.0.170.0
Google Chrome	=2.0.172
Google Chrome	=2.0.172.2
Google Chrome	=2.0.172.8
Google Chrome	=2.0.172.27
Google Chrome	=2.0.172.28
Google Chrome	=2.0.172.30
Google Chrome	=2.0.172.31
Google Chrome	=2.0.172.33
Google Chrome	=2.0.172.37
Google Chrome	=2.0.172.38
Google Chrome	=3.0.182.2
Google Chrome	=3.0.190.2
Google Chrome	=3.0.193.2-beta
Google Chrome	=3.0.195.21

Remedy

http://codereview.chromium.org/339039

Never miss a vulnerability like this again

Reference Links

collector/nvd-historical
agent/references
agent/type
agent/description
agent/event
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
collector/nvd-index
agent/software-canonical-lookup-request
agent/author
agent/weakness
agent/severity
agent/remedy
agent/tags
collector/mitre-cve
source/MITRE
vendor/webkit
canonical/webkit webkit
version/webkit webkit/r50173
vendor/google
canonical/google chrome
version/google chrome/3.0.195.24
version/google chrome/0.2.149.27
version/google chrome/0.2.149.29
version/google chrome/0.2.149.30
version/google chrome/0.2.152.1
version/google chrome/0.2.153.1
version/google chrome/0.3.154.0
version/google chrome/0.3.154.3
version/google chrome/0.4.154.18
version/google chrome/0.4.154.22
version/google chrome/0.4.154.31
version/google chrome/0.4.154.33
version/google chrome/1.0.154.36
version/google chrome/1.0.154.39
version/google chrome/1.0.154.42
version/google chrome/1.0.154.43
version/google chrome/1.0.154.46
version/google chrome/1.0.154.48
version/google chrome/1.0.154.52
version/google chrome/1.0.154.53
version/google chrome/1.0.154.59
version/google chrome/1.0.154.65
version/google chrome/2.0.156.1
version/google chrome/2.0.157.0
version/google chrome/2.0.157.2
version/google chrome/2.0.158.0
version/google chrome/2.0.159.0
version/google chrome/2.0.169.0
version/google chrome/2.0.169.1
version/google chrome/2.0.170.0
version/google chrome/2.0.172
version/google chrome/2.0.172.2
version/google chrome/2.0.172.8
version/google chrome/2.0.172.27
version/google chrome/2.0.172.28
version/google chrome/2.0.172.30
version/google chrome/2.0.172.31
version/google chrome/2.0.172.33
version/google chrome/2.0.172.37
version/google chrome/2.0.172.38
version/google chrome/3.0.182.2
version/google chrome/3.0.190.2
version/google chrome/3.0.193.2-beta
version/google chrome/3.0.195.21

CVE-2009-3933

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact