Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22701
HistoryOct 28, 2009 - 12:00 a.m.

Mozilla Foundation Security Advisory 2009-59

2009-10-2800:00:00
vulners.com
17
JSON

Mozilla Foundation Security Advisory 2009-59

Title: Heap buffer overflow in string to number conversion
Impact: Critical
Announced: October 27, 2009
Reporter: Alin Rad Pop
Products: Firefox

Fixed in: Firefox 3.5.4
Firefox 3.0.15
Description

Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla's string to floating point number conversion routines. Using this vulnerability an attacker could craft some malicious JavaScript code containing a very long string to be converted to a floating point number which would result in improper memory allocation and the execution of an arbitrary memory location. This vulnerability could thus be leveraged by the attacker to run arbitrary code on a victim's computer.
Workaround

Disable JavaScript until a version containing these fixes can be installed.
References

* String-to-number conversion bugs
* CVE-2009-1563

Related

seebug 9
securityvulns 7
checkpoint_advisories 1
nessus 27
exploitpack 4
packetstorm 4
debian 1
cve 1
osv 1
ubuntucve 1
exploitdb 4
openvas 16
oraclelinux 2
centos 2
redhat 2
fedora 41
vmware 2
ubuntu 2
suse 1
freebsd 1
gentoo 1
seebug
seebug
Mozilla Firefoxๆตฎ็‚น่ฝฌๆขๅ †ๆบขๅ‡บๆผๆดž
2009-10-31 00:00:00
K-Meleon 1.5.3 Remote Array Overrun
2009-11-19 00:00:00
Opera 10.01 Remote Array Overrun
2009-11-19 00:00:00
securityvulns
securityvulns
Secunia Research: Mozilla Firefox Floating Point Memory Allocation Vulnerability
2009-10-28 00:00:00
KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution)
2009-11-20 00:00:00
Firefox 3.5.3 Remote Array Overrun (UPDATE)
2009-11-20 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox Floating Point Number Conversion Memory Corruption (CVE-2009-1563)
2010-05-12 00:00:00
nessus
nessus
openSUSE Security Update : mozilla-nspr (mozilla-nspr-1510)
2009-11-09 00:00:00
SuSE 10 Security Update : mozilla-nspr (ZYPP Patch Number 6631)
2010-10-11 00:00:00
openSUSE Security Update : mozilla-nspr (mozilla-nspr-1510)
2009-11-09 00:00:00
exploitpack
exploitpack
K-Meleon 1.5.3 - Remote Array Overrun
2009-11-19 00:00:00
SeaMonkey 1.1.8 - Remote Array Overrun
2009-11-19 00:00:00
KDE KDELibs 4.3.3 - Remote Array Overrun
2009-11-19 00:00:00
packetstorm
packetstorm
Opera 10.01 Remote Array Overrun
2009-11-20 00:00:00
KDELibs 4.3.3 Remote Array Overrun
2009-11-20 00:00:00
K-Meleon 1.5.3 Remote Array Overrun
2009-11-20 00:00:00
debian
debian
[SECURITY] [DSA 1931-1] New NSPR packages fix several vulnerabilities
2009-11-08 10:07:37
cve
cve
CVE-2009-1563
2009-10-29 14:30:00
osv
osv
nspr - several vulnerabilities
2009-11-08 00:00:00
ubuntucve
ubuntucve
CVE-2009-0689
2009-07-01 00:00:00
exploitdb
exploitdb
SeaMonkey 1.1.8 - Remote Array Overrun
2009-11-19 00:00:00
KDE KDELibs 4.3.3 - Remote Array Overrun
2009-11-19 00:00:00
K-Meleon 1.5.3 - Remote Array Overrun
2009-11-19 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-1931-1)
2009-11-11 00:00:00
Debian Security Advisory DSA 1931-1 (nspr)
2009-11-11 00:00:00
CentOS Update for seamonkey CESA-2009:1531 centos3 i386
2011-08-09 00:00:00
oraclelinux
oraclelinux
seamonkey security update
2009-10-28 00:00:00
firefox security update
2009-10-28 00:00:00
centos
centos
seamonkey security update
2009-10-28 13:15:48
firefox, nspr security update
2009-10-28 13:44:04
redhat
redhat
(RHSA-2009:1531) Critical: seamonkey security update
2009-10-27 00:00:00
(RHSA-2009:1530) Critical: firefox security update
2009-10-27 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: firefox-3.5.4-1.fc11
2009-10-29 02:59:35
[SECURITY] Fedora 11 Update: mozvoikko-0.9.7-0.8.rc1.fc11
2009-10-29 02:59:35
[SECURITY] Fedora 11 Update: kazehakase-0.5.8-2.fc11.1
2009-10-29 02:59:35
vmware
vmware
ESX Service Console and vMA updates for nss and nspr
2010-03-03 00:00:00
ESX Service Console and vMA updates for nss and nspr
2010-03-03 00:00:00
ubuntu
ubuntu
Firefox and Xulrunner regression
2009-11-11 00:00:00
Firefox and Xulrunner vulnerabilities
2009-10-31 00:00:00
suse
suse
remote code execution in MozillaFirefox
2009-11-04 14:24:35
freebsd
freebsd
mozilla -- multiple vulnerabilities
2009-10-27 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
JSON
Related for SECURITYVULNS:DOC:22701
seebug9securityvulns7checkpoint_advisories1nessus27exploitpack4packetstorm4debian1cve1osv1ubuntucve1exploitdb4openvas16oraclelinux2centos2redhat2fedora41vmware2ubuntu2suse1freebsd1gentoo1