CVE-2009-0774

Publication date 4 March 2009

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.

Read the notes from the security team

Status

Package Ubuntu Release Status

Notes

jdstrand

CVEs in Firefox are tracked in the xulrunner source packages. The mapping of xulrunner sources to firefox is: xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS xulrunner-1.9: firefox-3.0 xulrunner-1.9.1: firefox-3.5 Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not the system xulrunner-1.9.2, so it is tracked in the firefox source package.

References

Related Ubuntu Security Notices (USN)

    • USN-741-1
    • Thunderbird vulnerabilities
    • 19 March 2009
    • USN-728-2
    • Firefox vulnerabilities
    • 6 March 2009
    • USN-728-1
    • Firefox and Xulrunner vulnerabilities
    • 5 March 2009
    • USN-728-3
    • Firefox vulnerabilities
    • 6 March 2009

Other references