Lucene search

[email protected]NVD:CVE-2009-1169

HistoryMar 27, 2009 - 12:30 a.m.

CVE-2009-1169

2009-03-2700:30:00

CWE-399

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.96 High

EPSS

Percentile

99.5%

JSON

The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.

Affected configurations

NVD

Node

mozillafirefoxRange≤3.0.7

mozillafirefoxMatch0.1

mozillafirefoxMatch0.2

mozillafirefoxMatch0.3

mozillafirefoxMatch0.4

mozillafirefoxMatch0.5

mozillafirefoxMatch0.6

mozillafirefoxMatch0.6.1

mozillafirefoxMatch0.7

mozillafirefoxMatch0.7.1

mozillafirefoxMatch0.8

mozillafirefoxMatch0.9

mozillafirefoxMatch0.9rc

mozillafirefoxMatch0.9.1

mozillafirefoxMatch0.9.2

mozillafirefoxMatch0.9.3

mozillafirefoxMatch0.9_rc

mozillafirefoxMatch0.10

mozillafirefoxMatch0.10.1

mozillafirefoxMatch1.0

mozillafirefoxMatch1.0preview_release

mozillafirefoxMatch1.0.1

mozillafirefoxMatch1.0.2

mozillafirefoxMatch1.0.3

mozillafirefoxMatch1.0.4

mozillafirefoxMatch1.0.5

mozillafirefoxMatch1.0.6

mozillafirefoxMatch1.0.6linux

mozillafirefoxMatch1.0.7

mozillafirefoxMatch1.0.8

mozillafirefoxMatch1.5

mozillafirefoxMatch1.5beta1

mozillafirefoxMatch1.5beta2

mozillafirefoxMatch1.5.0.1

mozillafirefoxMatch1.5.0.2

mozillafirefoxMatch1.5.0.3

mozillafirefoxMatch1.5.0.4

mozillafirefoxMatch1.5.0.5

mozillafirefoxMatch1.5.0.6

mozillafirefoxMatch1.5.0.7

mozillafirefoxMatch1.5.0.8

mozillafirefoxMatch1.5.0.9

mozillafirefoxMatch1.5.0.10

mozillafirefoxMatch1.5.0.11

mozillafirefoxMatch1.5.0.12

mozillafirefoxMatch1.5.1

mozillafirefoxMatch1.5.2

mozillafirefoxMatch1.5.3

mozillafirefoxMatch1.5.4

mozillafirefoxMatch1.5.5

mozillafirefoxMatch1.5.6

mozillafirefoxMatch1.5.7

mozillafirefoxMatch1.5.8

mozillafirefoxMatch1.8

mozillafirefoxMatch2.0

mozillafirefoxMatch2.0beta_1

mozillafirefoxMatch2.0beta1

mozillafirefoxMatch2.0rc2

mozillafirefoxMatch2.0rc3

mozillafirefoxMatch2.0.0.1

mozillafirefoxMatch2.0.0.2

mozillafirefoxMatch2.0.0.3

mozillafirefoxMatch2.0.0.4

mozillafirefoxMatch2.0.0.5

mozillafirefoxMatch2.0.0.6

mozillafirefoxMatch2.0.0.7

mozillafirefoxMatch2.0.0.8

mozillafirefoxMatch2.0.0.9

mozillafirefoxMatch2.0.0.10

mozillafirefoxMatch2.0.0.11

mozillafirefoxMatch2.0.0.12

mozillafirefoxMatch2.0.0.13

mozillafirefoxMatch2.0.0.14

mozillafirefoxMatch2.0.0.15

mozillafirefoxMatch2.0.0.16

mozillafirefoxMatch2.0.0.17

mozillafirefoxMatch2.0.0.18

mozillafirefoxMatch2.0.0.19

mozillafirefoxMatch2.0.0.20

mozillafirefoxMatch2.0.0.21

mozillafirefoxMatch2.0_.1

mozillafirefoxMatch2.0_.4

mozillafirefoxMatch2.0_.5

mozillafirefoxMatch2.0_.6

mozillafirefoxMatch2.0_.7

mozillafirefoxMatch2.0_.9

mozillafirefoxMatch2.0_.10

mozillafirefoxMatch2.0_8

mozillafirefoxMatch3.0

mozillafirefoxMatch3.0alpha

mozillafirefoxMatch3.0beta2

mozillafirefoxMatch3.0beta5

mozillafirefoxMatch3.0.1

mozillafirefoxMatch3.0.2

mozillafirefoxMatch3.0.3

mozillafirefoxMatch3.0.4

mozillafirefoxMatch3.0.5

mozillafirefoxMatch3.0.6

mozillafirefoxMatch3.0beta5

References

blogs.zdnet.com/security/?p=3013

lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html

lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html

secunia.com/advisories/34471

secunia.com/advisories/34486

secunia.com/advisories/34505

secunia.com/advisories/34510

secunia.com/advisories/34511

secunia.com/advisories/34521

secunia.com/advisories/34527

secunia.com/advisories/34549

secunia.com/advisories/34550

secunia.com/advisories/34792

support.avaya.com/elmodocs2/security/ASA-2009-113.htm

www.debian.org/security/2009/dsa-1756

www.mandriva.com/security/advisories?name=MDVSA-2009:084

www.mozilla.org/security/announce/2009/mfsa2009-12.html

www.redhat.com/support/errata/RHSA-2009-0397.html

www.redhat.com/support/errata/RHSA-2009-0398.html

www.securityfocus.com/bid/34235

www.securitytracker.com/id?1021939

www.ubuntu.com/usn/usn-745-1

www.vupen.com/english/advisories/2009/0853

bugzilla.mozilla.org/show_bug.cgi?id=460090

bugzilla.mozilla.org/show_bug.cgi?id=485217

bugzilla.mozilla.org/show_bug.cgi?id=485286

exchange.xforce.ibmcloud.com/vulnerabilities/49439

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11372

www.exploit-db.com/exploits/8285

www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.96 High

EPSS

Percentile

99.5%

JSON

Related for NVD:CVE-2009-1169

openvas50 prion1 checkpoint_advisories2 mozilla1 veracode1 securityvulns2 seebug1 cvelist1 cve1 ubuntucve1 oraclelinux2 nessus24 fedora58 centos3 debian2 redhat2 ubuntu1 osv1 suse2 gentoo1