CVE-2009-0071 - Vulnerability Details - OpenCVE

Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mozilla	Firefox

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox:3.0:::::::*
	cpe:2.3:a:mozilla:firefox:3.0:alpha::::::
	cpe:2.3:a:mozilla:firefox:3.0:beta2::::::
	cpe:2.3:a:mozilla:firefox:3.0:beta5::::::
	cpe:2.3:a:mozilla:firefox:3.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.3:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.4:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.5:::::::*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0220.html
http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0223.html
http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0224.html
http://www.securityfocus.com/bid/33154
https://bugzilla.mozilla.org/show_bug.cgi?id=448329
https://bugzilla.mozilla.org/show_bug.cgi?id=456727
https://bugzilla.mozilla.org/show_bug.cgi?id=472507
https://www.exploit-db.com/exploits/8091
https://www.exploit-db.com/exploits/8219

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-01-08T19:00:00

Updated: 2024-08-07T04:24:17.076Z

Reserved: 2009-01-08T00:00:00

Link: CVE-2009-0071

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-01-08T19:30:11.297

Modified: 2024-11-21T00:58:59.670

Link: CVE-2009-0071

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-01-07T00:00:00", "descriptions": [{"lang": "en", "value": "Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "8219", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/8219"}, {"name": "20090107 Firefox 3.0.5 remote vulnerability via queryCommandState", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0220.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=456727"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=448329"}, {"name": "8091", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/8091"}, {"name": "33154", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33154"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=472507"}, {"name": "20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0223.html"}, {"name": "20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0224.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0071", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "8219", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/8219"}, {"name": "20090107 Firefox 3.0.5 remote vulnerability via queryCommandState", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0220.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=456727", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=456727"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=448329", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=448329"}, {"name": "8091", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/8091"}, {"name": "33154", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33154"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=472507", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=472507"}, {"name": "20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0223.html"}, {"name": "20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0224.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:24:17.076Z"}, "title": "CVE Program Container", "references": [{"name": "8219", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/8219"}, {"name": "20090107 Firefox 3.0.5 remote vulnerability via queryCommandState", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0220.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=456727"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=448329"}, {"name": "8091", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/8091"}, {"name": "33154", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33154"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=472507"}, {"name": "20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0223.html"}, {"name": "20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0224.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0071", "datePublished": "2009-01-08T19:00:00", "dateReserved": "2009-01-08T00:00:00", "dateUpdated": "2024-08-07T04:24:17.076Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "412DF091-7604-4110-87A0-3488116A97E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "7A1DE6AC-C6AA-4B27-AC21-3293E5357A7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "13AAF607-AEEE-4FAF-BE63-73B1D951EF52", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "20139741-10B1-4E4B-8D5F-A715042049C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "11E07FED-ABDB-4B0A-AB2E-4CBF1EAC4301", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9A6558F1-9E0D-4107-909A-8EF4BC8A9C2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "63DF3D65-C992-44CF-89B4-893526C6242E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "A9024117-2E8B-4240-9E21-CC501F3879B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FBC3CAD3-2F54-4E32-A0C9-0D826C45AC23", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected."}, {"lang": "es", "value": "Mozilla Firefox versi\u00f3n 3.0.5 y anteriores de 3.0.x, cuando designMode est\u00e1 habilitado, permite a atacantes remotos causar una denegaci\u00f3n de servicio (desreferencia de un puntero NULL y bloqueo de aplicaci\u00f3n) por medio de cierta llamada de (a) replaceChild o (b) removeChild, seguida por una llamada de (1) queryCommandValue, (2) queryCommandState, o (3) queryCommandIndeterm. NOTA: m\u00e1s tarde se inform\u00f3 que las versiones 3.0.6 y 3.0.7 tambi\u00e9n est\u00e1n afectadas."}], "id": "CVE-2009-0071", "lastModified": "2024-11-21T00:58:59.670", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-01-08T19:30:11.297", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0220.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0223.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0224.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/33154"}, {"source": "cve@mitre.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=448329"}, {"source": "cve@mitre.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=456727"}, {"source": "cve@mitre.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=472507"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/8091"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/8219"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0220.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0223.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0224.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/33154"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=448329"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=456727"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=472507"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/8091"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/8219"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat does not consider a crash of a client application such as Firefox to be a security issue.", "lastModified": "2009-01-19T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}