Fluid Attacks Database

Description

Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	nspr	>=0 <4.8.2-1	4.8.2-1
debian 12	nspr	>=0 <4.8.2-1	4.8.2-1
debian 13	nspr	>=0 <4.8.2-1	4.8.2-1
debian 14	nspr	>=0 <4.8.2-1	4.8.2-1
rpm rhel5	xulrunner	<0:1.9.0.12-1.el5_3	0:1.9.0.12-1.el5_3
rpm rhel5	thunderbird	<0:2.0.0.24-2.el5_4	0:2.0.0.24-2.el5_4
rpm rhel5	firefox	<0:3.0.12-1.el5_3	0:3.0.12-1.el5_3

Aliases

1. CVE-2009-24632. NVD-2009-24633. OSV-DEBIAN-2009-24634. OSV-2009-24635. SECURITY-TRACKER-CVE-2009-2463

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.