CyberSec.Space Logo
Back to CVE Browser

CVE-2009-3377

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1800%
EPSS Percentile31.80th
PublishedOct 29, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

Affected Platforms (CPE)

πŸ“¦
Mozilla

Firefox

= 3.5
πŸ“¦
Mozilla

Firefox

= 3.5.1
πŸ“¦
Mozilla

Firefox

= 3.5.2
πŸ“¦
Mozilla

Firefox

= 3.5.3

References & Advisories

πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042716.html
πŸ”— http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
πŸ”— http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
πŸ”— http://www.mozilla.org/security/announce/2009/mfsa2009-63.html
πŸ”— http://www.vupen.com/english/advisories/2009/3334
πŸ”— https://bugzilla.mozilla.org/show_bug.cgi?id=512327
πŸ”— https://bugzilla.mozilla.org/show_bug.cgi?id=515376
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6375

Related Vulnerabilities

CVE-2019-1170810.0

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the no...

CVE-2019-2513610.0

A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and ...

CVE-2018-1850510.0

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication betwee...

CVE-2020-1238810.0

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this iss...