CVE-2009-0071
Mozilla Firefox 3.0.6 - BODY onload Remote Crash
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected.
Mozilla Firefox versión 3.0.5 y anteriores de 3.0.x, cuando designMode está habilitado, permite a atacantes remotos causar una denegación de servicio (desreferencia de un puntero NULL y bloqueo de aplicación) por medio de cierta llamada de (a) replaceChild o (b) removeChild, seguida por una llamada de (1) queryCommandValue, (2) queryCommandState, o (3) queryCommandIndeterm. NOTA: más tarde se informó que las versiones 3.0.6 y 3.0.7 también están afectadas.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-01-08 CVE Reserved
- 2009-01-08 CVE Published
- 2023-08-19 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-399: Resource Management Errors
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0220.html | Mailing List | |
| http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0223.html | Mailing List | |
| http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0224.html | Mailing List | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=448329 | X_refsource_confirm | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=456727 | X_refsource_confirm | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=472507 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/8091 | 2024-08-07 | |
| http://www.securityfocus.com/bid/33154 | 2024-08-07 | |
| https://www.exploit-db.com/exploits/8219 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.0 Search vendor "Mozilla" for product "Firefox" and version "3.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.0 Search vendor "Mozilla" for product "Firefox" and version "3.0" | alpha |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.0 Search vendor "Mozilla" for product "Firefox" and version "3.0" | beta2 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.0 Search vendor "Mozilla" for product "Firefox" and version "3.0" | beta5 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.0.1 Search vendor "Mozilla" for product "Firefox" and version "3.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.0.2 Search vendor "Mozilla" for product "Firefox" and version "3.0.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.0.3 Search vendor "Mozilla" for product "Firefox" and version "3.0.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.0.4 Search vendor "Mozilla" for product "Firefox" and version "3.0.4" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.0.5 Search vendor "Mozilla" for product "Firefox" and version "3.0.5" | - |
Affected
| ||||||