Vulnerability in Mozilla Firefox (CVE-2009-1044)
CVSS v2.0 severity:
HIGH
Type:
CWE-399
Resource management error
Publication date:
23/03/2009
Last modified:
09/04/2025
Description
Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during the PWN2OWN competition at CanSecWest 2009.
Impact
Base score 2.0
9.30
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:* | | |
| cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:* | | |
To consult the complete list of CPE names with products and versions, see this page
References to solutions, tools and information
- http://blogs.zdnet.com/security/?p=2934
- http://blogs.zdnet.com/security/?p=2941
- http://cansecwest.com/index.html
- http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009
- http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html
- http://news.cnet.com/8301-1009_3-10199652-83.html
- http://osvdb.org/52896
- http://secunia.com/advisories/34471
- http://secunia.com/advisories/34505
- http://secunia.com/advisories/34510
- http://secunia.com/advisories/34511
- http://secunia.com/advisories/34521
- http://secunia.com/advisories/34527
- http://secunia.com/advisories/34549
- http://secunia.com/advisories/34550
- http://secunia.com/advisories/34792
- http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm
- http://twitter.com/tippingpoint1/status/1351635812
- http://www.debian.org/security/2009/dsa-1756
- http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889
- http://www.mandriva.com/security/advisories?name=MDVSA-2009%3A084
- http://www.mozilla.org/security/announce/2009/mfsa2009-13.html
- http://www.redhat.com/support/errata/RHSA-2009-0397.html
- http://www.redhat.com/support/errata/RHSA-2009-0398.html
- http://www.securityfocus.com/archive/1/502303/100/0/threaded
- http://www.securityfocus.com/bid/34181
- http://www.securitytracker.com/id?1021878=
- http://www.ubuntu.com/usn/usn-745-1
- http://www.vupen.com/english/advisories/2009/0864
- http://www.zerodayinitiative.com/advisories/ZDI-09-015
- https://bugzilla.mozilla.org/show_bug.cgi?id=484320
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11368
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html



