
Byte Open Security

(ByteOS Network)

NVD Vulnerability Details: CVE-2009-1232
Modified
Source: cve@mitre.org
Published At: 02 Apr, 2009 | 17:30
Updated At: 29 Sep, 2017 | 01:34

Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected.

CISA Catalog
Date Added | Due Date | Vulnerability Name | Required Action
N/A
Metrics
Type | Version | Base score | Base severity | Vector
Primary | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches

Mozilla Corporation | mozilla | firefox | 3.0 | cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
Mozilla Corporation | mozilla | firefox | 3.0 | cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*
Mozilla Corporation | mozilla | firefox | 3.0 | cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*
Mozilla Corporation | mozilla | firefox | 3.0 | cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*
Mozilla Corporation | mozilla | firefox | 3.0.1 | cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
Mozilla Corporation | mozilla | firefox | 3.0.2 | cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
Mozilla Corporation | mozilla | firefox | 3.0.3 | cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
Mozilla Corporation | mozilla | firefox | 3.0.4 | cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
Mozilla Corporation | mozilla | firefox | 3.0.5 | cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
Mozilla Corporation | mozilla | firefox | 3.0.6 | cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*
Mozilla Corporation | mozilla | firefox | 3.0.7 | cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*
Mozilla Corporation | mozilla | firefox | 3.0.8 | cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*
Weaknesses
CWE ID | Type | Source
CWE-20 | Primary | nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

Organization : Red Hat
Last Modified : 2009-04-27T00:00:00

https://bugzilla.mozilla.org/show_bug.cgi?id=485941 Red Hat does not consider a user-assisted crash of a client application such as Firefox to be a security issue.

References
Hyperlink | Source | Resource
http://milw0rm.com/sploits/2009-Firefox-XUL-0day-PoC.rar | cve@mitre.org | Exploit
http://websecurity.com.ua/3216/ | cve@mitre.org | N/A
http://www.securityfocus.com/bid/34522 | cve@mitre.org | Exploit
https://bugzilla.mozilla.org/show_bug.cgi?id=485941 | cve@mitre.org | N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/49521 | cve@mitre.org | N/A
https://www.exploit-db.com/exploits/8306 | cve@mitre.org | N/A