CVE-2009-2466 — HIGH (10.0)

Q: How severe is CVE-2009-2466?

CVE-2009-2466 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-2466?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Thunderbird.

Vulnerability Description

The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsDOMClassInfo.cpp, (2) JS_HashTableRawLookup, and (3) MirrorWrappedNativeParent and js_LockGCThingRT.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	< 3.0.12
Mozilla	Thunderbird	<= 3.0.11

Related Weaknesses (CWE)

CWE-787

References

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.htmlBroken Link
http://rhn.redhat.com/errata/RHSA-2009-1162.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2009-1163.htmlThird Party Advisory
http://secunia.com/advisories/35914Not ApplicableVendor Advisory
http://secunia.com/advisories/35943Not ApplicableVendor Advisory
http://secunia.com/advisories/35944Not ApplicablePatchVendor Advisory
http://secunia.com/advisories/35947Not ApplicableVendor Advisory
http://secunia.com/advisories/36005Not Applicable
http://secunia.com/advisories/36145Not Applicable
http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1Broken Link
http://www.mozilla.org/security/announce/2009/mfsa2009-34.htmlVendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0153.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0154.htmlThird Party Advisory

FAQ

What is CVE-2009-2466?

CVE-2009-2466 is a vulnerability with a CVSS score of 10.0 (HIGH). The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code...

How severe is CVE-2009-2466?

CVE-2009-2466 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-2466?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Thunderbird.