Lucene search

[email protected]CVE-2009-1232

HistoryApr 02, 2009 - 5:30 p.m.

CVE-2009-1232

2009-04-0217:30:00

CWE-20

[email protected]

web.nvd.nist.gov

mozilla

firefox

3.0

dos

memory corruption

xml

cve-2009-1232

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

High

0.835 High

EPSS

Percentile

98.5%

JSON

Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected.

Affected configurations

NVD

Node

mozillafirefoxMatch3.0

mozillafirefoxMatch3.0alpha

mozillafirefoxMatch3.0beta2

mozillafirefoxMatch3.0beta5

mozillafirefoxMatch3.0.1

mozillafirefoxMatch3.0.2

mozillafirefoxMatch3.0.3

mozillafirefoxMatch3.0.4

mozillafirefoxMatch3.0.5

mozillafirefoxMatch3.0.6

mozillafirefoxMatch3.0.7

mozillafirefoxMatch3.0.8

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq3.0
mozilla:firefoxmozilla firefoxeq3.0.1
mozilla:firefoxmozilla firefoxeq3.0.2
mozilla:firefoxmozilla firefoxeq3.0.3
mozilla:firefoxmozilla firefoxeq3.0.4
mozilla:firefoxmozilla firefoxeq3.0.5
mozilla:firefoxmozilla firefoxeq3.0.6
mozilla:firefoxmozilla firefoxeq3.0.7
mozilla:firefoxmozilla firefoxeq3.0.8

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	eq	3.0
mozilla:firefox	mozilla firefox	eq	3.0.1
mozilla:firefox	mozilla firefox	eq	3.0.2
mozilla:firefox	mozilla firefox	eq	3.0.3
mozilla:firefox	mozilla firefox	eq	3.0.4
mozilla:firefox	mozilla firefox	eq	3.0.5
mozilla:firefox	mozilla firefox	eq	3.0.6
mozilla:firefox	mozilla firefox	eq	3.0.7
mozilla:firefox	mozilla firefox	eq	3.0.8