CVE-2009-2463

Common Vulnerabilities and Exposures

Upstream information

CVE-2009-2463 at MITRE

Description

Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows.

NVD CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entries: 522109, 590499, 607935

SUSE Security Advisories:

SUSE-SA:2009:039, published Mon, 27 Jul 2009 09:00:00 +0000
SUSE-SA:2009:042, published Thu, 06 Aug 2009 10:00:00 +0000
SUSE-SR:2010:013, published Mon, 14 Jun 2010 13:00:00 +0000
openSUSE-SU-2010:0273-1, published Wed, 19 May 2010 22:08:14 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE 10.3	`MozillaFirefox >= 3.0.12-0.1` `MozillaFirefox-translations >= 3.0.12-0.1`
openSUSE 10.3	`MozillaFirefox >= 3.0.12-0.1` `MozillaFirefox-translations >= 3.0.12-0.1` `mozilla-xulrunner190 >= 1.9.0.12-1.1` `mozilla-xulrunner190-32bit >= 1.9.0.12-1.1` `mozilla-xulrunner190-64bit >= 1.9.0.12-1.1` `mozilla-xulrunner190-devel >= 1.9.0.12-1.1` `mozilla-xulrunner190-gnomevfs >= 1.9.0.12-1.1` `mozilla-xulrunner190-gnomevfs-32bit >= 1.9.0.12-1.1` `mozilla-xulrunner190-gnomevfs-64bit >= 1.9.0.12-1.1` `mozilla-xulrunner190-translations >= 1.9.0.12-1.1` `mozilla-xulrunner190-translations-32bit >= 1.9.0.12-1.1` `mozilla-xulrunner190-translations-64bit >= 1.9.0.12-1.1` `python-xpcom190 >= 1.9.0.12-1.1`
SUSE CORE 9 for AMD64 and Intel EM64T	`mozilla >= 1.8.1_seamonkey_1.1.19.112-0.1` `mozilla-devel >= 1.8.1_seamonkey_1.1.19.112-0.1` `mozilla-dom-inspector >= 1.8.1_seamonkey_1.1.19.112-0.1` `mozilla-irc >= 1.8.1_seamonkey_1.1.19.112-0.1` `mozilla-mail >= 1.8.1_seamonkey_1.1.19.112-0.1` `mozilla-venkman >= 1.8.1_seamonkey_1.1.19.112-0.1`	Builds YOU Patch Nr: 12755
Novell Linux POS 9 Open Enterprise Server SUSE CORE 9 for AMD64 and Intel EM64T SUSE CORE 9 for IBM POWER SUSE CORE 9 for IBM S/390 31bit SUSE CORE 9 for IBM zSeries 64bit SUSE CORE 9 for Itanium Processor Family SUSE CORE 9 for x86	`mozilla >= 1.8_seamonkey_1.1.19-0.1` `mozilla-devel >= 1.8_seamonkey_1.1.19-0.1` `mozilla-dom-inspector >= 1.8_seamonkey_1.1.19-0.1` `mozilla-irc >= 1.8_seamonkey_1.1.19-0.1` `mozilla-mail >= 1.8_seamonkey_1.1.19-0.1` `mozilla-venkman >= 1.8_seamonkey_1.1.19-0.1`	core9.ia64 core9.s390x core9.s390 core9.x86-64 sles9-oes.x86 core9.x86 sles9-nlpos.x86 core9.ppc YOU Patch Nr: 12616
SLE 11 DESKTOP Unsupported Extras	`MozillaThunderbird >= 2.0.0.24-0.1.1` `MozillaThunderbird-translations >= 2.0.0.24-0.1.1`	Builds SAT Patch Nr: 2176

Markets

Products By Category

Novell

NetIQ (Moving soon to NetIQ.com)

A-Z

Contribute