Search for vulnerabilities
Vulnerability details: VCID-hrr4-f5t3-aaaf
Vulnerability ID VCID-hrr4-f5t3-aaaf
Aliases CVE-2009-1044
Summary CVE-2009-1044 Firefox XUL garbage collection issue (cansecwest pwn2own)
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-399 Resource Management Errors
System Score Found at
rhas Critical https://access.redhat.com/errata/RHSA-2009:0397
rhas Critical https://access.redhat.com/errata/RHSA-2009:0398
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.09116 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.11885 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.65570 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.65570 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.65570 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.65570 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.91337 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.91337 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.91836 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.91836 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.91836 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.91836 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.91836 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.91836 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.91836 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.91836 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.91836 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
epss 0.91836 https://api.first.org/data/v1/epss?cve=CVE-2009-1044
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=492212
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2009-1044
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2009-13
Reference id Reference type URL
http://blogs.zdnet.com/security/?p=2934
http://blogs.zdnet.com/security/?p=2941
http://cansecwest.com/index.html
http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009
http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html
http://news.cnet.com/8301-1009_3-10199652-83.html
http://osvdb.org/52896
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1044.json
https://api.first.org/data/v1/epss?cve=CVE-2009-1044
https://bugzilla.mozilla.org/show_bug.cgi?id=484320
http://secunia.com/advisories/34471
http://secunia.com/advisories/34505
http://secunia.com/advisories/34510
http://secunia.com/advisories/34511
http://secunia.com/advisories/34521
http://secunia.com/advisories/34527
http://secunia.com/advisories/34549
http://secunia.com/advisories/34550
http://secunia.com/advisories/34792
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11368
http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html
http://twitter.com/tippingpoint1/status/1351635812
http://www.debian.org/security/2009/dsa-1756
http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889
http://www.mandriva.com/security/advisories?name=MDVSA-2009:084
http://www.mozilla.org/security/announce/2009/mfsa2009-13.html
http://www.redhat.com/support/errata/RHSA-2009-0397.html
http://www.redhat.com/support/errata/RHSA-2009-0398.html
http://www.securityfocus.com/archive/1/502303/100/0/threaded
http://www.securityfocus.com/bid/34181
http://www.securitytracker.com/id?1021878
http://www.ubuntu.com/usn/usn-745-1
http://www.vupen.com/english/advisories/2009/0864
http://www.zerodayinitiative.com/advisories/ZDI-09-015
492212 https://bugzilla.redhat.com/show_bug.cgi?id=492212
CVE-2009-1044 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1044
CVE-2009-1044 https://nvd.nist.gov/vuln/detail/CVE-2009-1044
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
mfsa2009-13 https://www.mozilla.org/en-US/security/advisories/mfsa2009-13
RHSA-2009:0397 https://access.redhat.com/errata/RHSA-2009:0397
RHSA-2009:0398 https://access.redhat.com/errata/RHSA-2009:0398
USN-745-1 https://usn.ubuntu.com/745-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2009-1044
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.91898
EPSS Score 0.09116
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.