CVE-2009-1232

EUVD-2009-1231
Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
3.0
mozillafirefox
3.0:alpha
mozillafirefox
3.0:beta2
mozillafirefox
3.0:beta5
mozillafirefox
3.0.1
mozillafirefox
3.0.2
mozillafirefox
3.0.3
mozillafirefox
3.0.4
mozillafirefox
3.0.5
mozillafirefox
3.0.6
mozillafirefox
3.0.7
mozillafirefox
3.0.8
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
dapper
ignored
gutsy
ignored
hardy
ignored
intrepid
dne
jaunty
dne
karmic
dne
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
precise
not-affected
xulrunner
dapper
dne
gutsy
ignored
hardy
ignored
intrepid
ignored
jaunty
ignored
karmic
ignored
lucid
dne
maverick
dne
natty
dne
oneiric
dne
precise
dne
xulrunner-1.9
dapper
dne
gutsy
ignored
hardy
ignored
intrepid
ignored
jaunty
ignored
karmic
dne
lucid
dne
maverick
dne
natty
dne
oneiric
dne
precise
dne
xulrunner-1.9.1
dapper
dne
gutsy
dne
hardy
dne
intrepid
dne
jaunty
ignored
karmic
ignored
lucid
dne
maverick
dne
natty
dne
oneiric
dne
precise
dne
xulrunner-1.9.2
dapper
dne
hardy
ignored
intrepid
dne
jaunty
ignored
karmic
ignored
lucid
ignored
maverick
ignored
natty
ignored
oneiric
dne
precise
dne
Common Weakness Enumeration
References
http://milw0rm.com/sploits/2009-Firefox-XUL-0day-PoC.rar
http://websecurity.com.ua/3216/
http://www.securityfocus.com/bid/34522
https://bugzilla.mozilla.org/show_bug.cgi?id=485941
https://exchange.xforce.ibmcloud.com/vulnerabilities/49521
https://www.exploit-db.com/exploits/8306
http://milw0rm.com/sploits/2009-Firefox-XUL-0day-PoC.rar
http://websecurity.com.ua/3216/
http://www.securityfocus.com/bid/34522
https://bugzilla.mozilla.org/show_bug.cgi?id=485941
https://exchange.xforce.ibmcloud.com/vulnerabilities/49521
https://www.exploit-db.com/exploits/8306