CVE-2009-1232

Exploit

EPSS 17%
Published 02.04.2009 17:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version3.0

Mozilla ≫ Firefox Version3.0 Updatealpha

Mozilla ≫ Firefox Version3.0 Updatebeta2

Mozilla ≫ Firefox Version3.0 Updatebeta5

Mozilla ≫ Firefox Version3.0.1

Mozilla ≫ Firefox Version3.0.2

Mozilla ≫ Firefox Version3.0.3

Mozilla ≫ Firefox Version3.0.4

Mozilla ≫ Firefox Version3.0.5

Mozilla ≫ Firefox Version3.0.6

Mozilla ≫ Firefox Version3.0.7

Mozilla ≫ Firefox Version3.0.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	17%	0.947

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://milw0rm.com/sploits/2009-Firefox-XUL-0day-PoC.rar

Exploit

http://websecurity.com.ua/3216/

http://www.securityfocus.com/bid/34522

Exploit

https://bugzilla.mozilla.org/show_bug.cgi?id=485941

https://exchange.xforce.ibmcloud.com/vulnerabilities/49521

https://www.exploit-db.com/exploits/8306

https://nvd.nist.gov/vuln/detail/CVE-2009-1232

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1232

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1232

EUVD