Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-4fs2-bedf-wbg3
Vulnerability ID VCID-4fs2-bedf-wbg3
Aliases CVE-2009-1304
Summary Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.06664 https://api.first.org/data/v1/epss?cve=CVE-2009-1304
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2009-14
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1304.json
https://api.first.org/data/v1/epss?cve=CVE-2009-1304
496255 https://bugzilla.redhat.com/show_bug.cgi?id=496255
CVE-2009-1304 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1304
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
mfsa2009-14 https://www.mozilla.org/en-US/security/advisories/mfsa2009-14
RHSA-2009:0436 https://access.redhat.com/errata/RHSA-2009:0436
USN-764-1 https://usn.ubuntu.com/764-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.9136
EPSS Score 0.06664
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T08:27:42.510961+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2009/mfsa2009-14.md 38.6.0