2.6

CVE-2009-0071

Exploit
Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call.  NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version3.0
MozillaFirefox Version3.0 Updatealpha
MozillaFirefox Version3.0 Updatebeta2
MozillaFirefox Version3.0 Updatebeta5
MozillaFirefox Version3.0.1
MozillaFirefox Version3.0.2
MozillaFirefox Version3.0.3
MozillaFirefox Version3.0.4
MozillaFirefox Version3.0.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.59% 0.93
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0220.html
http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0223.html
http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0224.html
http://www.securityfocus.com/bid/33154
Exploit
https://bugzilla.mozilla.org/show_bug.cgi?id=448329
https://bugzilla.mozilla.org/show_bug.cgi?id=456727
https://bugzilla.mozilla.org/show_bug.cgi?id=472507
https://www.exploit-db.com/exploits/8091
https://www.exploit-db.com/exploits/8219