Vulnerability Description
The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 3.0.9 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/34851
- http://secunia.com/advisories/34866
- http://secunia.com/advisories/34910
- http://secunia.com/advisories/34919
- http://securitytracker.com/id?1022126
- http://securitytracker.com/id?1022127
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
- http://www.mozilla.org/security/announce/2009/mfsa2009-23.html
- http://www.securityfocus.com/bid/34743
- http://www.ubuntu.com/usn/USN-765-1
- http://www.vupen.com/english/advisories/2009/1180
- https://bugzilla.mozilla.org/show_bug.cgi?id=489647
- https://bugzilla.mozilla.org/show_bug.cgi?id=489676
- https://bugzilla.mozilla.org/show_bug.cgi?id=490233
FAQ
What is CVE-2009-1313?
CVE-2009-1313 is a vulnerability with a CVSS score of 9.3 (HIGH). The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute ar...
How severe is CVE-2009-1313?
CVE-2009-1313 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1313?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.