製品・ソフトウェアに関する情報

JVN脆弱性詳細

複数の Mozilla 製品の JavaScript エンジンにおける任意のコードを実行される脆弱性

Title	複数の Mozilla 製品の JavaScript エンジンにおける任意のコードを実行される脆弱性
Summary	複数の Mozilla 製品の JavaScript エンジンには、サービス運用妨害 (DoS) 状態となる、または任意のコードを実行される脆弱性が存在します。
Possible impacts	リモートの攻撃者により、サービス運用妨害 (DoS) 状態にされる、または任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 15, 2009, midnight
Registration Date	Jan. 28, 2010, 12:16 p.m.
Last Update	Jan. 28, 2010, 12:16 p.m.

CVSS2.0 : 危険
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected System

Mozilla Foundation

Mozilla Firefox 3.5.6 未満

Mozilla SeaMonkey 2.0.1 未満

Mozilla Thunderbird 3.0.1 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-3982	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3982
National Vulnerability Database (NVD)
2	CVE-2009-3982	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3982

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
Mozilla Foundation Security Advisory
1	MFSA 2009-65	http://www.mozilla.org/security/announce/2009/mfsa2009-65.html
Mozilla Foundation セキュリティアドバイザリ
2	MFSA 2009-65	http://www.mozilla-japan.org/security/announce/2009/mfsa2009-65.html

その他

No	Name	URL
ISS X-Force Database
1	54802	http://xforce.iss.net/xforce/xfdb/54802
Secunia Advisory
2	SA37699	http://secunia.com/advisories/37699
3	SA37783	http://secunia.com/advisories/37783
4	SA37785	http://secunia.com/advisories/37785
SecurityFocus
5	37364	http://www.securityfocus.com/bid/37364
SecurityTracker
6	1023333	http://securitytracker.com/id?1023333
7	1023334	http://securitytracker.com/id?1023334
VUPEN Security
8	VUPEN/ADV-2009-3547	http://www.vupen.com/english/advisories/2009/3547
9	VUPEN/ADV-2009-3558	http://www.vupen.com/english/advisories/2009/3558

Change Log

No	Changed Details	Date of change
0	[2010年01月28日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2009-3982

Summary	Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Publication Date	Dec. 18, 2009, 2:30 a.m.
Registration Date	Jan. 29, 2021, 1:25 p.m.
Last Update	Sept. 19, 2017, 10:29 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox:3.5.1:::::::*
cpe:2.3:a:mozilla:firefox:3.5.2:::::::*
cpe:2.3:a:mozilla:firefox:3.5.3:::::::*
cpe:2.3:a:mozilla:firefox:3.5.4:::::::*
cpe:2.3:a:mozilla:firefox:3.5.5:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0:alpha::::::
cpe:2.3:a:mozilla:seamonkey:1.0:beta::::::
cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.6:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.7:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.8:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.9:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.99:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1:alpha::::::
cpe:2.3:a:mozilla:seamonkey:1.1:beta::::::
cpe:2.3:a:mozilla:seamonkey:1.1.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.5:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.6:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.7:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.8:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.9:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.10:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.11:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.12:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.13:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.14:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.15:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.16:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.17:::::::*
cpe:2.3:a:mozilla:seamonkey:1.5.0.8:::::::*
cpe:2.3:a:mozilla:seamonkey:1.5.0.9:::::::*
cpe:2.3:a:mozilla:seamonkey:1.5.0.10:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1::::::
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2::::::
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3::::::
cpe:2.3:a:mozilla:seamonkey:2.0:beta_1::::::
cpe:2.3:a:mozilla:seamonkey:2.0:beta_2::::::
cpe:2.3:a:mozilla:seamonkey:2.0:rc1::::::
cpe:2.3:a:mozilla:seamonkey::rc2::::::*		2.0
cpe:2.3:a:mozilla:seamonkey:2.0a1::pre:::::
cpe:2.3:a:mozilla:seamonkey:2.0a1pre:::::::*
cpe:2.3:a:mozilla:thunderbird::::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/37699	SECUNIA	Vendor Advisory
2	http://secunia.com/advisories/37783	SECUNIA	Vendor Advisory
3	http://secunia.com/advisories/37785	SECUNIA	Vendor Advisory
4	http://secunia.com/advisories/37856	SECUNIA
5	http://secunia.com/advisories/37881	SECUNIA
6	http://securitytracker.com/id?1023333	SECTRACK
7	http://securitytracker.com/id?1023334	SECTRACK
8	http://www.mozilla.org/security/announce/2009/mfsa2009-65.html	CONFIRM	Patch Vendor Advisory
9	http://www.novell.com/linux/security/advisories/2009_63_firefox.html	SUSE
10	http://www.securityfocus.com/bid/37349	BID
11	http://www.securityfocus.com/bid/37364	BID
12	http://www.ubuntu.com/usn/USN-874-1	UBUNTU
13	http://www.vupen.com/english/advisories/2009/3547	VUPEN	Patch Vendor Advisory
14	http://www.vupen.com/english/advisories/2009/3558	VUPEN	Patch Vendor Advisory
15	https://bugzilla.mozilla.org/show_bug.cgi?id=510518	CONFIRM
16	https://bugzilla.mozilla.org/show_bug.cgi?id=513981	CONFIRM
17	https://bugzilla.mozilla.org/show_bug.cgi?id=514999	CONFIRM
18	https://bugzilla.mozilla.org/show_bug.cgi?id=524121	CONFIRM
19	https://exchange.xforce.ibmcloud.com/vulnerabilities/54802	XF
20	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8434	OVAL
21	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html	FEDORA
22	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html	FEDORA
23	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html	FEDORA

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox:3.5.1:::::::*
cpe:2.3:a:mozilla:firefox:3.5.2:::::::*
cpe:2.3:a:mozilla:firefox:3.5.3:::::::*
cpe:2.3:a:mozilla:firefox:3.5.4:::::::*
cpe:2.3:a:mozilla:firefox:3.5.5:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0:alpha::::::
cpe:2.3:a:mozilla:seamonkey:1.0:beta::::::
cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.6:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.7:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.8:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.9:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.99:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1:alpha::::::
cpe:2.3:a:mozilla:seamonkey:1.1:beta::::::
cpe:2.3:a:mozilla:seamonkey:1.1.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.5:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.6:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.7:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.8:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.9:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.10:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.11:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.12:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.13:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.14:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.15:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.16:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.17:::::::*
cpe:2.3:a:mozilla:seamonkey:1.5.0.8:::::::*
cpe:2.3:a:mozilla:seamonkey:1.5.0.9:::::::*
cpe:2.3:a:mozilla:seamonkey:1.5.0.10:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1::::::
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2::::::
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3::::::
cpe:2.3:a:mozilla:seamonkey:2.0:beta_1::::::
cpe:2.3:a:mozilla:seamonkey:2.0:beta_2::::::
cpe:2.3:a:mozilla:seamonkey:2.0:rc1::::::
cpe:2.3:a:mozilla:seamonkey::rc2::::::*		2.0
cpe:2.3:a:mozilla:seamonkey:2.0a1::pre:::::
cpe:2.3:a:mozilla:seamonkey:2.0a1pre:::::::*
cpe:2.3:a:mozilla:thunderbird::::::::