CVE-2009-0773
Firefox 3 crashes in the JavaScript engine
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.
El motor JavaScript de Mozilla Firefox anterior a v3.0.7, Thunderbird anterior a v2.0.0.21 y SeaMonkey v1.1.15, permite a atacantes remotos provocar una denegación de servicio (caída) y puede que ejecutar código de su elección a través de (1) una unión de un array que contiene "algunos elementos non-set" que hace que jsarray.cpp pase un argumento incorrecto a la función ResizeSlots lo que lanza una corrupción de memoria; (2) vectores relacionado con js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__ y watch -ver- que lanzan un fallo de aserción o un fallo de segmentación y (3) vectores relacionados con gczeal, __defineSetter__ y watch -ver- que inducen a un cuelgue.
A number of security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Thunderbird program, version 2.0.0.21. This update provides the latest Thunderbird to correct these issues. Additionally, Mozilla Thunderbird released with Mandriva Linux 2009.0, when used with Enigmail extension on x86_64 architecture, would freeze whenever any Enigmail function was used. Also, when used on i586 architecture, Thunderbird would crash when sending an email, if a file with an unknown extension was attached to it. This update also fixes those issues.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-03-03 CVE Reserved
- 2009-03-05 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-399: Resource Management Errors
CAPEC
References (32)
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=457521 | 2024-08-07 | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=467499 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=472787 | 2017-09-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 3.0.6 Search vendor "Mozilla" for product "Firefox" and version " <= 3.0.6" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 1.0 Search vendor "Mozilla" for product "Firefox" and version "1.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 1.0.1 Search vendor "Mozilla" for product "Firefox" and version "1.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 1.0.2 Search vendor "Mozilla" for product "Firefox" and version "1.0.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 1.0.3 Search vendor "Mozilla" for product "Firefox" and version "1.0.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 1.0.4 Search vendor "Mozilla" for product "Firefox" and version "1.0.4" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 1.0.5 Search vendor "Mozilla" for product "Firefox" and version "1.0.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 1.0.6 Search vendor "Mozilla" for product "Firefox" and version "1.0.6" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 1.0.7 Search vendor "Mozilla" for product "Firefox" and version "1.0.7" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 1.0.8 Search vendor "Mozilla" for product "Firefox" and version "1.0.8" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 1.5 Search vendor "Mozilla" for product "Firefox" and version "1.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 1.5.0.1 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 1.5.0.2 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 1.5.0.3 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 1.5.0.4 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.4" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 1.5.0.5 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 1.5.0.6 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.6" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 1.5.0.7 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.7" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 1.5.0.8 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.8" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 1.5.0.9 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.9" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 1.5.0.10 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.10" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 1.5.0.11 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.11" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 1.5.0.12 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.12" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 2.0 Search vendor "Mozilla" for product "Firefox" and version "2.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 2.0.0.1 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 2.0.0.2 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 2.0.0.3 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.4" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 2.0.0.5 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 2.0.0.6 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.6" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 2.0.0.7 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.7" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 2.0.0.8 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.8" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 2.0.0.9 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.9" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 2.0.0.10 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.10" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 2.0.0.11 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.11" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 2.0.0.12 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.12" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 2.0.0.13 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.13" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 2.0.0.14 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.14" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 2.0.0.15 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.15" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 2.0.0.16 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.16" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 2.0.0.17 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.17" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 2.0.0.18 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.18" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 2.0.0.19 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.19" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 2.0.0.20 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.20" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.0 Search vendor "Mozilla" for product "Firefox" and version "3.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.0.1 Search vendor "Mozilla" for product "Firefox" and version "3.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.0.2 Search vendor "Mozilla" for product "Firefox" and version "3.0.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.0.3 Search vendor "Mozilla" for product "Firefox" and version "3.0.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.0.4 Search vendor "Mozilla" for product "Firefox" and version "3.0.4" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.0.5 Search vendor "Mozilla" for product "Firefox" and version "3.0.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | <= 1.1.14 Search vendor "Mozilla" for product "Seamonkey" and version " <= 1.1.14" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0 Search vendor "Mozilla" for product "Seamonkey" and version "1.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0.1 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0.2 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0.3 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0.5 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0.6 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.6" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0.7 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.7" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0.8 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.8" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0.9 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.9" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1 Search vendor "Mozilla" for product "Seamonkey" and version "1.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1 Search vendor "Mozilla" for product "Seamonkey" and version "1.1" | alpha |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1 Search vendor "Mozilla" for product "Seamonkey" and version "1.1" | beta |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.1 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.2 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.3 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.4 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.4" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.5 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.6 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.6" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.7 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.7" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.8 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.8" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.9 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.9" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.10 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.10" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.11 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.11" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.12 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.12" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.13 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.13" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | <= 2.0.0.20 Search vendor "Mozilla" for product "Thunderbird" and version " <= 2.0.0.20" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 2.0.0.0 Search vendor "Mozilla" for product "Thunderbird" and version "2.0.0.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 2.0.0.4 Search vendor "Mozilla" for product "Thunderbird" and version "2.0.0.4" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 2.0.0.5 Search vendor "Mozilla" for product "Thunderbird" and version "2.0.0.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 2.0.0.6 Search vendor "Mozilla" for product "Thunderbird" and version "2.0.0.6" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 2.0.0.9 Search vendor "Mozilla" for product "Thunderbird" and version "2.0.0.9" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 2.0.0.12 Search vendor "Mozilla" for product "Thunderbird" and version "2.0.0.12" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 2.0.0.14 Search vendor "Mozilla" for product "Thunderbird" and version "2.0.0.14" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 2.0.0.16 Search vendor "Mozilla" for product "Thunderbird" and version "2.0.0.16" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 2.0.0.17 Search vendor "Mozilla" for product "Thunderbird" and version "2.0.0.17" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 2.0.0.18 Search vendor "Mozilla" for product "Thunderbird" and version "2.0.0.18" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 2.0.0.19 Search vendor "Mozilla" for product "Thunderbird" and version "2.0.0.19" | - |
Affected
| ||||||