Vulnerability details: VCID-uwpq-kb7b-b7he
Vulnerability ID VCID-uwpq-kb7b-b7he
Aliases CVE-2009-0689
Summary Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla's string to floating point number conversion routines. Using this vulnerability an attacker could craft some malicious JavaScript code containing a very long string to be converted to a floating point number which would result in improper memory allocation and the execution of an arbitrary memory location. This vulnerability could thus be leveraged by the attacker to run arbitrary code on a victim's computer. Update: The underlying flaw in the dtoa routines used by Mozilla appears to be essentially the same as that reported against the libc gdtoa routine by Maksymilian Arciemowicz.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.37529 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.41051 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
cvssv2 6.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2009-59
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0689.json
https://api.first.org/data/v1/epss?cve=CVE-2009-0689
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
539784 https://bugzilla.redhat.com/show_bug.cgi?id=539784
559265 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559265
CVE-2009-0689 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689
CVE-2009-0689 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/dos/10185.txt
CVE-2009-0689;OSVDB-61186 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/dos/10187.txt
CVE-2009-0689;OSVDB-61186 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33363.txt
CVE-2009-0689;OSVDB-61186 Exploit https://www.securityfocus.com/bid/37078/info
CVE-2009-0689;OSVDB-61187 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/10184.txt
CVE-2009-0689;OSVDB-61187 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33364.txt
CVE-2009-0689;OSVDB-61187 Exploit https://www.securityfocus.com/bid/37080/info
CVE-2009-0689;OSVDB-61189 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33312.txt
CVE-2009-0689;OSVDB-61189 Exploit https://www.securityfocus.com/bid/36851/info
CVE-2009-0689;OSVDB-62402 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/dos/10186.txt
CVE-2009-0689;OSVDB-63639 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/33058.txt
CVE-2009-0689;OSVDB-63639 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/dos/33479.c
CVE-2009-0689;OSVDB-63639 Exploit https://www.securityfocus.com/bid/35510/info
CVE-2009-0689;OSVDB-63639 Exploit https://www.securityfocus.com/bid/37687/info
CVE-2009-0689;OSVDB-63641 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33480.txt
CVE-2009-0689;OSVDB-63641 Exploit https://www.securityfocus.com/bid/37688/info
mfsa2009-59 https://www.mozilla.org/en-US/security/advisories/mfsa2009-59
OSVDB-61189;CVE-2009-0689 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/10380.pl
RHSA-2009:1530 https://access.redhat.com/errata/RHSA-2009:1530
RHSA-2009:1531 https://access.redhat.com/errata/RHSA-2009:1531
RHSA-2009:1601 https://access.redhat.com/errata/RHSA-2009:1601
RHSA-2010:0153 https://access.redhat.com/errata/RHSA-2010:0153
RHSA-2010:0154 https://access.redhat.com/errata/RHSA-2010:0154
RHSA-2014:0311 https://access.redhat.com/errata/RHSA-2014:0311
RHSA-2014:0312 https://access.redhat.com/errata/RHSA-2014:0312
USN-871-1 https://usn.ubuntu.com/871-1/
USN-915-1 https://usn.ubuntu.com/915-1/
Data source Exploit-DB
Date added Jan. 8, 2010
Description Apple Mac OSX 10.x - 'libc/strtod(3)' Memory Corruption
Ransomware campaign use Known
Source publication date Jan. 8, 2010
Exploit type dos
Platform osx
Source update date May 23, 2014
Source URL https://www.securityfocus.com/bid/37687/info
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploit Prediction Scoring System (EPSS)
Percentile 0.97064
EPSS Score 0.37529
Published At Aug. 3, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:10:40.803997+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2009/mfsa2009-59.md 37.0.0