CVE-2009-1169 - OpenCVE

The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mozilla	Firefox
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox:0.1:::::::*
	cpe:2.3:a:mozilla:firefox:0.2:::::::*
	cpe:2.3:a:mozilla:firefox:0.3:::::::*
	cpe:2.3:a:mozilla:firefox:0.4:::::::*
	cpe:2.3:a:mozilla:firefox:0.5:::::::*
	cpe:2.3:a:mozilla:firefox:0.6:::::::*
	cpe:2.3:a:mozilla:firefox:0.6.1:::::::*
	cpe:2.3:a:mozilla:firefox:0.7:::::::*
	cpe:2.3:a:mozilla:firefox:0.7.1:::::::*
	cpe:2.3:a:mozilla:firefox:0.8:::::::*
	cpe:2.3:a:mozilla:firefox:0.9:::::::*
	cpe:2.3:a:mozilla:firefox:0.9:rc::::::
	cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
	cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
	cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
	cpe:2.3:a:mozilla:firefox:0.9_rc:::::::*
	cpe:2.3:a:mozilla:firefox:0.10:::::::*
	cpe:2.3:a:mozilla:firefox:0.10.1:::::::*
	cpe:2.3:a:mozilla:firefox:1.0:::::::*
	cpe:2.3:a:mozilla:firefox:1.0:preview_release::::::
	cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.5:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.6::linux:::::
	cpe:2.3:a:mozilla:firefox:1.0.7:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.8:::::::*
	cpe:2.3:a:mozilla:firefox:1.5:::::::*
	cpe:2.3:a:mozilla:firefox:1.5:beta1::::::
	cpe:2.3:a:mozilla:firefox:1.5:beta2::::::
	cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.8:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.9:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.10:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.11:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.12:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.1:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.2:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.3:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.4:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.5:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.6:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.7:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.8:::::::*
	cpe:2.3:a:mozilla:firefox:1.8:::::::*
	cpe:2.3:a:mozilla:firefox:2.0:::::::*
	cpe:2.3:a:mozilla:firefox:2.0:beta_1::::::
	cpe:2.3:a:mozilla:firefox:2.0:beta1::::::
	cpe:2.3:a:mozilla:firefox:2.0:rc2::::::
	cpe:2.3:a:mozilla:firefox:2.0:rc3::::::
	cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.3:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.4:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.5:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.6:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.7:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.8:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.9:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.10:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.11:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.12:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.13:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.14:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.15:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.16:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.17:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.18:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.19:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.20:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.21:::::::*
cpe:2.3:a:mozilla:firefox:2.0_.1:::::::*
cpe:2.3:a:mozilla:firefox:2.0_.4:::::::*
cpe:2.3:a:mozilla:firefox:2.0_.5:::::::*
cpe:2.3:a:mozilla:firefox:2.0_.6:::::::*
cpe:2.3:a:mozilla:firefox:2.0_.7:::::::*
cpe:2.3:a:mozilla:firefox:2.0_.9:::::::*
cpe:2.3:a:mozilla:firefox:2.0_.10:::::::*
cpe:2.3:a:mozilla:firefox:2.0_8:::::::*
cpe:2.3:a:mozilla:firefox:3.0:::::::*
cpe:2.3:a:mozilla:firefox:3.0:alpha::::::
cpe:2.3:a:mozilla:firefox:3.0:beta2::::::
cpe:2.3:a:mozilla:firefox:3.0:beta5::::::
cpe:2.3:a:mozilla:firefox:3.0.1:::::::*
cpe:2.3:a:mozilla:firefox:3.0.2:::::::*
cpe:2.3:a:mozilla:firefox:3.0.3:::::::*
cpe:2.3:a:mozilla:firefox:3.0.4:::::::*
cpe:2.3:a:mozilla:firefox:3.0.5:::::::*
cpe:2.3:a:mozilla:firefox:3.0.6:::::::*
cpe:2.3:a:mozilla:firefox:3.0beta5:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 2.1
seamonkey-0:1.0.9-0.32.el2	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2009:0398	2009-03-27T00:00:00Z
Red Hat Enterprise Linux 3
seamonkey-0:1.0.9-0.36.el3	cpe:/o:redhat:enterprise_linux:3	RHSA-2009:0398	2009-03-27T00:00:00Z
Red Hat Enterprise Linux 4
firefox-0:3.0.7-3.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2009:0397	2009-03-27T00:00:00Z
seamonkey-0:1.0.9-40.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2009:0398	2009-03-27T00:00:00Z
Red Hat Enterprise Linux 5
xulrunner-0:1.9.0.7-3.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2009:0397	2009-03-27T00:00:00Z

References

Link	Providers
http://blogs.zdnet.com/security/?p=3013
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html
http://secunia.com/advisories/34471
http://secunia.com/advisories/34486
http://secunia.com/advisories/34505
http://secunia.com/advisories/34510
http://secunia.com/advisories/34511
http://secunia.com/advisories/34521
http://secunia.com/advisories/34527
http://secunia.com/advisories/34549
http://secunia.com/advisories/34550
http://secunia.com/advisories/34792
http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm
http://www.debian.org/security/2009/dsa-1756
http://www.mandriva.com/security/advisories?name=MDVSA-2009:084
http://www.mozilla.org/security/announce/2009/mfsa2009-12.html
http://www.redhat.com/support/errata/RHSA-2009-0397.html
http://www.redhat.com/support/errata/RHSA-2009-0398.html
http://www.securityfocus.com/bid/34235
http://www.securitytracker.com/id?1021939
http://www.ubuntu.com/usn/usn-745-1
http://www.vupen.com/english/advisories/2009/0853
https://bugzilla.mozilla.org/show_bug.cgi?id=460090
https://bugzilla.mozilla.org/show_bug.cgi?id=485217
https://bugzilla.mozilla.org/show_bug.cgi?id=485286
https://exchange.xforce.ibmcloud.com/vulnerabilities/49439
https://nvd.nist.gov/vuln/detail/CVE-2009-1169
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11372
https://www.cve.org/CVERecord?id=CVE-2009-1169
https://www.exploit-db.com/exploits/8285
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2009-03-27T00:00:00

Updated: 2024-08-07T05:04:49.375Z

Reserved: 2009-03-26T00:00:00

Link: CVE-2009-1169

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-03-27T00:30:00.280

Modified: 2017-09-29T01:34:12.670

Link: CVE-2009-1169

Redhat

Severity : Critical

Publid Date: 2009-03-25T00:00:00Z

Links: CVE-2009-1169 - Bugzilla

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object