Vulnerabilities > CVE-2009-1313 - Resource Management Errors vulnerability in Mozilla Firefox 3.0.9

047910
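CVSS 0.0 - NONE (every metric below is listed as UNKNOWN; the Nessus plugins further down this page set the CVSS v2 vector AV:N/AC:M/Au:N/C:C/I:C/A:C)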
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
mozilla
CWE-399
nessus
exploit available

Summary

The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.

Vulnerable Configurations

Part Description Count
Application
Mozilla
1

Common Weakness Enumeration (CWE)

Exploit-Db

description: Mozilla Firefox 3.0.9 'nsTextFrame::ClearTextRun()' Remote Memory Corruption Vulnerability. CVE-2009-1313. DoS exploit for the Linux platform
id: EDB-ID:32961
last seen: 2016-02-03
modified: 2009-04-27
published: 2009-04-27
reporter: Marc Gueury
source: https://www.exploit-db.com/download/32961/
title: Mozilla Firefox 3.0.9 - 'nsTextFrame::ClearTextRun' Remote Memory Corruption Vulnerability

Nessus

  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2009-118-01.NASL
    descriptionNew mozilla-firefox packages are available for Slackware 12.2 and -current to fix security issues. The updated packages may also be used with Slackware 11.0 or newer.
    last seen2020-06-01
    modified2020-06-02
    plugin id38201
    published2009-04-29
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38201
    titleSlackware 12.2 / current : mozilla-firefox (SSA:2009-118-01)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2009-118-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    # Metadata pass: when `description` is set the plugin only registers the
    # attributes below and leaves at exit(0), so none of the package checks
    # further down in the script run in this mode.
    if (description)
    {
      script_id(38201);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:21");
    
      # Identifiers for correlating a finding: the CVE and the Slackware
      # advisory (SSA) named in the plugin header.
      script_cve_id("CVE-2009-1313");
      script_xref(name:"SSA", value:"2009-118-01");
    
      script_name(english:"Slackware 12.2 / current : mozilla-firefox (SSA:2009-118-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New mozilla-firefox packages are available for Slackware 12.2 and
    -current to fix security issues. The updated packages may also be used
    with Slackware 11.0 or newer."
      );
      # http://www.mozilla.org/security/known-vulnerabilities/firefox30.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d7d74da4"
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.350967
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4c959994"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mozilla-firefox package."
      );
      # CVSS v2 base vector: network access, medium access complexity, no
      # authentication, complete confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      # CWE-399: Resource Management Errors.
      script_cwe_id(399);
    
      # "local" plugin type: the result comes from package data gathered on the
      # host (see script_summary), not from probing the browser itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:mozilla-firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/04/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Slackware Local Security Checks");
    
      # ssh_get_info.nasl is declared as a dependency; presumably it fills the
      # Host/* KB entries required below (confirm against that plugin).
      script_dependencies("ssh_get_info.nasl");
      # Host/cpu is read by the check section as well but is not listed here;
      # the check section handles a missing value itself (AUDIT_UNKNOWN_ARCH).
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    # Preconditions for a credentialed package check. audit() comes from
    # audit.inc (not shown here); the code relies on it ending the script, since
    # the values tested are used unconditionally afterwards.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Architecture gate: continue only when the recorded cpu string contains
    # "x86_64" or matches i386 through i686.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    # Compare the recorded mozilla-firefox package against the fixed build
    # 3.0.10-i686-1 for Slackware 12.2 and -current. slackware_check() is defined
    # in slackware.inc (not shown); presumably it is nonzero when the installed
    # package predates the reference.
    # NOTE(review): both calls pass pkgarch:"i686" although the gate above also
    # admits x86_64 hosts; confirm whether an x86_64 install can be flagged.
    # NOTE(review): this is a package-version comparison only; a copy of Firefox
    # installed outside the package database would not be seen by these calls.
    flag = 0;
    if (slackware_check(osver:"12.2", pkgname:"mozilla-firefox", pkgver:"3.0.10", pkgarch:"i686", pkgnum:"1")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"mozilla-firefox", pkgver:"3.0.10", pkgarch:"i686", pkgnum:"1")) flag++;
    
    
    # Any hit is reported on port 0; the package details from
    # slackware_report_get() are attached only when report_verbosity > 0.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0449.NASL
    descriptionUpdated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1313) For technical details regarding this flaw, refer to the Mozilla security advisory for Firefox 3.0.10. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.10, which corrects this issue. After installing the update, Firefox must be restarted for the change to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id38193
    published2009-04-28
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38193
    titleRHEL 4 / 5 : firefox (RHSA-2009:0449)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:0449. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Metadata pass: when `description` is set the plugin only registers the
    # attributes below and leaves at exit(0), so none of the package checks
    # further down in the script run in this mode.
    if (description)
    {
      script_id(38193);
      script_version ("1.26");
      script_cvs_date("Date: 2019/10/25 13:36:14");
    
      # Identifiers for correlating a finding: the CVE and the Red Hat advisory
      # (RHSA) named in the plugin header.
      script_cve_id("CVE-2009-1313");
      script_xref(name:"RHSA", value:"2009:0449");
    
      script_name(english:"RHEL 4 / 5 : firefox (RHSA-2009:0449)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated firefox packages that fix one security issue are now available
    for Red Hat Enterprise Linux 4 and 5.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    Mozilla Firefox is an open source Web browser. XULRunner provides the
    XUL Runtime environment for Mozilla Firefox.
    
    A flaw was found in the processing of malformed web content. A web
    page containing malicious content could cause Firefox to crash or,
    potentially, execute arbitrary code as the user running Firefox.
    (CVE-2009-1313)
    
    For technical details regarding this flaw, refer to the Mozilla
    security advisory for Firefox 3.0.10. You can find a link to the
    Mozilla advisories in the References section of this errata.
    
    All Firefox users should upgrade to these updated packages, which
    contain Firefox version 3.0.10, which corrects this issue. After
    installing the update, Firefox must be restarted for the change to
    take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-1313"
      );
      # http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d7d74da4"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2009:0449"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSS v2 base vector: network access, medium access complexity, no
      # authentication, complete confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      # CWE-399: Resource Management Errors.
      script_cwe_id(399);
    
      # "local" plugin type: the result comes from package data gathered on the
      # host (see script_summary), not from probing the browser itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xulrunner");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel-unstable");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.3");
    
      # As recorded here, the patch and plugin dates (2009/04/27, 2009/04/28)
      # precede the vulnerability publication date (2009/04/30).
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/04/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/04/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # ssh_get_info.nasl is declared as a dependency; presumably it fills the
      # Host/* KB entries required below (confirm against that plugin).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Preconditions for a credentialed package check. audit() comes from
    # audit.inc (not shown here); the code relies on it ending the script, since
    # the values tested are used unconditionally afterwards.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    # Pull the release number (major, optionally .minor) out of the release
    # string, then continue only for a major version of 4 or 5.
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: continue only when the recorded cpu string contains
    # "x86_64" or "s390", or matches i386 through i686.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    # Two evaluation paths. When yum updateinfo data was collected, the verdict
    # comes only from redhat_generate_yum_updateinfo_report() for this advisory
    # and the rpm_check() comparisons below are not run.
    # NOTE(review): on that path an empty report is audited as "not affected",
    # so the result presumably depends on the host's updateinfo data being
    # complete and current; confirm against the helper, which is not shown here.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2009:0449";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      # Fallback: compare installed RPMs against the fixed builds named in the
      # advisory. rpm_check() is defined in rpm.inc (not shown); presumably it is
      # nonzero when the installed package predates the reference.
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"firefox-3.0.10-1.el4")) flag++;
    
    
      if (rpm_check(release:"RHEL5", reference:"firefox-3.0.10-1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"xulrunner-1.9.0.10-1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"xulrunner-devel-1.9.0.10-1.el5")) flag++;
    
      # xulrunner-devel-unstable is the only package checked per architecture.
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"xulrunner-devel-unstable-1.9.0.10-1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"xulrunner-devel-unstable-1.9.0.10-1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"xulrunner-devel-unstable-1.9.0.10-1.el5")) flag++;
    
    
      # Any hit is reported on port 0 with the rpm comparison details plus the
      # text returned by redhat_report_package_caveat().
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        # No hit: the audit reason depends on whether pkg_tests_get() returns
        # anything (packages were tested) or nothing (not installed).
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / xulrunner / xulrunner-devel / xulrunner-devel-unstable");
      }
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-0449.NASL
    descriptionUpdated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1313) For technical details regarding this flaw, refer to the Mozilla security advisory for Firefox 3.0.10. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.10, which corrects this issue. After installing the update, Firefox must be restarted for the change to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id43745
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43745
    titleCentOS 4 / 5 : firefox (CESA-2009:0449)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:0449 and 
    # CentOS Errata and Security Advisory 2009:0449 respectively.
    #
    
    include("compat.inc");
    
    # Metadata pass: when `description` is set the plugin only registers the
    # attributes below and leaves at exit(0), so none of the package checks
    # further down in the script run in this mode.
    if (description)
    {
      script_id(43745);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:04");
    
      # Identifiers for correlating a finding: the CVE and the upstream Red Hat
      # advisory (RHSA); the CentOS advisory id (CESA) appears in script_name.
      script_cve_id("CVE-2009-1313");
      script_xref(name:"RHSA", value:"2009:0449");
    
      script_name(english:"CentOS 4 / 5 : firefox (CESA-2009:0449)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      # The description below names Red Hat Enterprise Linux rather than CentOS;
      # the plugin header states the text was extracted from the Red Hat advisory.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated firefox packages that fix one security issue are now available
    for Red Hat Enterprise Linux 4 and 5.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    Mozilla Firefox is an open source Web browser. XULRunner provides the
    XUL Runtime environment for Mozilla Firefox.
    
    A flaw was found in the processing of malformed web content. A web
    page containing malicious content could cause Firefox to crash or,
    potentially, execute arbitrary code as the user running Firefox.
    (CVE-2009-1313)
    
    For technical details regarding this flaw, refer to the Mozilla
    security advisory for Firefox 3.0.10. You can find a link to the
    Mozilla advisories in the References section of this errata.
    
    All Firefox users should upgrade to these updated packages, which
    contain Firefox version 3.0.10, which corrects this issue. After
    installing the update, Firefox must be restarted for the change to
    take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-April/015831.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?acaa4ce9"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-April/015832.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?690fd0a6"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-April/015835.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?827be77b"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-April/015836.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?819b5b6c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox packages."
      );
      # CVSS v2 base vector: network access, medium access complexity, no
      # authentication, complete confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      # CWE-399: Resource Management Errors.
      script_cwe_id(399);
    
      # "local" plugin type: the result comes from package data gathered on the
      # host (see script_summary), not from probing the browser itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xulrunner");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xulrunner-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xulrunner-devel-unstable");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
    
      # The plugin publication date (2010/01/06) is several months after the
      # patch date recorded here (2009/04/28).
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/04/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/04/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      # ssh_get_info.nasl is declared as a dependency; presumably it fills the
      # Host/* KB entries required below (confirm against that plugin).
      script_dependencies("ssh_get_info.nasl");
      # Host/cpu is read by the check section as well but is not listed here;
      # the check section handles a missing value itself (AUDIT_UNKNOWN_ARCH).
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Preconditions for a credentialed package check. audit() comes from
    # audit.inc (not shown here); the code relies on it ending the script, since
    # the values tested are used unconditionally afterwards.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    # Pull the major release number out of the release string, then continue
    # only for CentOS 4 or 5.
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x / 5.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Architecture gate: continue only when the recorded cpu string contains
    # "x86_64" or "ia64", or matches i386 through i686.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    # Compare installed RPMs against the fixed builds. rpm_check() is defined in
    # rpm.inc (not shown); presumably it is nonzero when the installed package
    # predates the reference.
    # NOTE(review): the CentOS 4 firefox comparison is limited to i386 and
    # x86_64 while the gate above also admits ia64; confirm whether an ia64
    # CentOS 4 host can be flagged.
    flag = 0;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"firefox-3.0.10-1.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"firefox-3.0.10-1.el4.centos")) flag++;
    
    if (rpm_check(release:"CentOS-5", reference:"firefox-3.0.10-1.el5.centos")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"xulrunner-1.9.0.10-1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"xulrunner-devel-1.9.0.10-1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"xulrunner-devel-unstable-1.9.0.10-1.el5")) flag++;
    
    
    # Any hit is reported on port 0 with the rpm comparison details attached.
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # No hit: the audit reason depends on whether pkg_tests_get() returns
      # anything (packages were tested) or nothing (not installed).
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / xulrunner / xulrunner-devel / xulrunner-devel-unstable");
    }
    
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_3010.NASL
    descriptionThe version of Firefox installed on the remote host is earlier than 3.0.10. Such versions have multiple vulnerabilities : - An error in function
    last seen2020-06-01
    modified2020-06-02
    plugin id38200
    published2009-04-28
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38200
    titleFirefox < 3.0.10 Multiple Vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-111.NASL
    descriptionSecurity vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Firefox 3.x, version 3.0.10. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312, CVE-2009-1313) This update provides the latest Mozilla Firefox 3.x to correct these issues. Additionally, some packages which require so, have been rebuilt and are being provided as updates. Update : The recent Mozilla Firefox update missed the Firefox language packs for Mandriva Linux 2009. This update provides them, fixing the issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id38853
    published2009-05-13
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38853
    titleMandriva Linux Security Advisory : firefox (MDVSA-2009:111-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_MOZILLAFIREFOX-090507.NASL
    descriptionFirefox version upgrade to 3.0.10 to fix a crash in nsTextFrame::ClearTextRun() (CVE-2009-1313).
    last seen2020-06-01
    modified2020-06-02
    plugin id40173
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40173
    titleopenSUSE Security Update : MozillaFirefox (MozillaFirefox-860)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_MOZILLAFIREFOX-090507.NASL
    descriptionFirefox version upgrade to 3.0.10 to fix a crash in nsTextFrame::ClearTextRun() (CVE-2009-1313).
    last seen2020-06-01
    modified2020-06-02
    plugin id39890
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39890
    titleopenSUSE Security Update : MozillaFirefox (MozillaFirefox-860)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_MOZILLAFIREFOX-090507.NASL
    descriptionFirefox version upgrade to 3.0.10 to fix a crash in nsTextFrame::ClearTextRun(). (CVE-2009-1313)
    last seen2020-06-01
    modified2020-06-02
    plugin id41355
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41355
    titleSuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 859)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-4083.NASL
    descriptionUpdate to Firefox 3.0.10 fixing one security issue: http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.10 Depending packages rebuilt against new Firefox are also included in this update. Additional bugs fixed in other packages: - totem: Fix YouTube plugin following website changes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id38189
    published2009-04-28
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38189
    titleFedora 10 : Miro-2.0.3-4.fc10 / blam-1.8.5-10.fc10 / devhelp-0.22-8.fc10 / epiphany-2.24.3-6.fc10 / etc (2009-4083)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-4078.NASL
    descriptionUpdate to Firefox 3.0.10 fixing one security issue: http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.10 Depending packages rebuilt against new Firefox are also included in this update. Additional bugs fixed in other packages: - totem: Fix YouTube plugin following website changes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id38188
    published2009-04-28
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38188
    titleFedora 9 : Miro-2.0.3-4.fc9 / blam-1.8.5-9.fc9.1 / chmsee-1.0.1-12.fc9 / devhelp-0.19.1-12.fc9 / etc (2009-4078)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-765-1.NASL
    descriptionIt was discovered that the upstream security fixes in USN-764-1 introduced a regression which could cause the browser to crash. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id38205
    published2009-04-29
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38205
    titleUbuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-765-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-0449.NASL
    descriptionFrom Red Hat Security Advisory 2009:0449 : Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1313) For technical details regarding this flaw, refer to the Mozilla security advisory for Firefox 3.0.10. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.10, which corrects this issue. After installing the update, Firefox must be restarted for the change to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id67850
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67850
    titleOracle Linux 4 / 5 : firefox (ELSA-2009-0449)

Oval

accepted2013-04-29T04:05:45.927-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionThe nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.
familyunix
idoval:org.mitre.oval:def:10446
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.
version27

Redhat

advisories
bugzilla
id497447
titleCVE-2009-1313 Firefox crash in nsTextFrame::ClearTextRun()
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • commentfirefox is earlier than 0:3.0.10-1.el4
      ovaloval:com.redhat.rhsa:tst:20090449001
    • commentfirefox is signed with Red Hat master key
      ovaloval:com.redhat.rhsa:tst:20060200002
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentxulrunner-devel is earlier than 0:1.9.0.10-1.el5
          ovaloval:com.redhat.rhsa:tst:20090449004
        • commentxulrunner-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080569006
      • AND
        • commentxulrunner is earlier than 0:1.9.0.10-1.el5
          ovaloval:com.redhat.rhsa:tst:20090449006
        • commentxulrunner is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080569004
      • AND
        • commentxulrunner-devel-unstable is earlier than 0:1.9.0.10-1.el5
          ovaloval:com.redhat.rhsa:tst:20090449008
        • commentxulrunner-devel-unstable is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080569002
      • AND
        • commentfirefox is earlier than 0:3.0.10-1.el5
          ovaloval:com.redhat.rhsa:tst:20090449010
        • commentfirefox is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070097008
rhsa
idRHSA-2009:0449
released2009-04-27
severityCritical
titleRHSA-2009:0449: firefox security update (Critical)
rpms
  • firefox-0:3.0.10-1.el4
  • firefox-0:3.0.10-1.el5
  • firefox-debuginfo-0:3.0.10-1.el4
  • firefox-debuginfo-0:3.0.10-1.el5
  • xulrunner-0:1.9.0.10-1.el5
  • xulrunner-debuginfo-0:1.9.0.10-1.el5
  • xulrunner-devel-0:1.9.0.10-1.el5
  • xulrunner-devel-unstable-0:1.9.0.10-1.el5

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 34743 CVE(CAN) ID: CVE-2009-1313 Firefox是一款流行的开放源码WEB浏览器。 Firefox的nsTextFrame::ClearTextRun()函数中存在内存破坏漏洞,如果用户受骗打开了包含有恶意内容的网页就会导致浏览器崩溃。安装了HTML Validator附件组件的用户尤其受这个漏洞的影响。 Mozilla Firefox 3.0.9 Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.mozilla.org/ RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2009:0449-01)以及相应补丁: RHSA-2009:0449-01:Critical: firefox security update 链接:https://www.redhat.com/support/errata/RHSA-2009-0449.html
idSSV:5126
last seen2017-11-19
modified2009-04-28
published2009-04-28
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-5126
titleFirefox nsTextFrame::ClearTextRun()函数远程内存破坏漏洞