Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2009-1232
Last Modified 07 Aug 2009 12:00:00
Published 02 Apr 2009 01:30:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

Summary

Mozilla Firefox 3.0.8 and earlier 3.0.x versions allow remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected.

Vulnerable Systems

Application

  • Mozilla Firefox 3.0

  • Mozilla Firefox 3.0.1

  • Mozilla Firefox 3.0.2

  • Mozilla Firefox 3.0.3

  • Mozilla Firefox 3.0.4

  • Mozilla Firefox 3.0.5

  • Mozilla Firefox 3.0.6

  • Mozilla Firefox 3.0.7

  • Mozilla Firefox 3.0.8


References

MISC - https://bugzilla.mozilla.org/show_bug.cgi?id=485941

XF - firefox-xml-dos(49521)

BID - 34522

MILW0RM - 8306

MISC - http://websecurity.com.ua/3216/

MISC - http://milw0rm.com/sploits/2009-Firefox-XUL-0day-PoC.rar


Last Updated: 27 May 2016 10:50:30