Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2009-AVI-121
Vulnerability from certfr_avis
Deux vulnérabilités affectent Mozilla Firefox et permettent à une personne distante malintentionnée d'exécuter du code arbitraire ou de réaliser un déni de service.
Description
La première concerne une vulnérabilité dans l'interprétation des fichiers XSL et l'autre l'élément XUL tree. Elles permettent à une personne distante malintentionnée de provoquer un déni de service et, dans certaines circonstances, d'exécuter du code arbitraire par le biais d'une corruption mémoire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Mozilla Firefox version 3.0.7 et versions antérieures.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eMozilla Firefox version 3.0.7 et versions ant\u00e9rieures.\u003c/p\u003e",
"content": "## Description\n\nLa premi\u00e8re concerne une vuln\u00e9rabilit\u00e9 dans l\u0027interpr\u00e9tation des\nfichiers XSL et l\u0027autre l\u0027\u00e9l\u00e9ment XUL tree. Elles permettent \u00e0 une\npersonne distante malintentionn\u00e9e de provoquer un d\u00e9ni de service et,\ndans certaines circonstances, d\u0027ex\u00e9cuter du code arbitraire par le biais\nd\u0027une corruption m\u00e9moire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-1169",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1169"
},
{
"name": "CVE-2009-1044",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1044"
}
],
"initial_release_date": "2009-03-30T00:00:00",
"last_revision_date": "2009-03-30T00:00:00",
"links": [
{
"title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2009-12 et MFSA2009-13 du 27 mars 2009 :",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-12.html"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2009-12 et MFSA2009-13 du 27 mars 2009 :",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-13.html"
}
],
"reference": "CERTA-2009-AVI-121",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2009-03-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s affectent Mozilla Firefox et permettent \u00e0 une\npersonne distante malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire ou de\nr\u00e9aliser un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2009-12 et MFSA2009-13 du 27 mars 2009",
"url": null
}
]
}
CVE-2009-1044 (GCVE-0-2009-1044)
Vulnerability from cvelistv5
Published
2009-03-23 14:00
Modified
2024-08-07 04:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1021878",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021878"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://twitter.com/tippingpoint1/status/1351635812"
},
{
"name": "34510",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34510"
},
{
"name": "FEDORA-2009-3101",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html"
},
{
"name": "34511",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34511"
},
{
"name": "MDVSA-2009:084",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:084"
},
{
"name": "RHSA-2009:0397",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0397.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cansecwest.com/index.html"
},
{
"name": "SUSE-SA:2009:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html"
},
{
"name": "34505",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34505"
},
{
"name": "34521",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34521"
},
{
"name": "RHSA-2009:0398",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0398.html"
},
{
"name": "20090330 ZDI-09-015: Mozilla Firefox XUL _moveToEdgeShift() Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502303/100/0/threaded"
},
{
"name": "34471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-13.html"
},
{
"name": "USN-745-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-745-1"
},
{
"name": "34527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34527"
},
{
"name": "34181",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34181"
},
{
"name": "DSA-1756",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1756"
},
{
"name": "34792",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34792"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://news.cnet.com/8301-1009_3-10199652-83.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.zdnet.com/security/?p=2934"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-015"
},
{
"name": "oval:org.mitre.oval:def:11368",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11368"
},
{
"name": "52896",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52896"
},
{
"name": "ADV-2009-0864",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0864"
},
{
"name": "FEDORA-2009-3100",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889"
},
{
"name": "34549",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34549"
},
{
"name": "34550",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009"
},
{
"name": "FEDORA-2009-3099",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=484320"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.zdnet.com/security/?p=2941"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1021878",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021878"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://twitter.com/tippingpoint1/status/1351635812"
},
{
"name": "34510",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34510"
},
{
"name": "FEDORA-2009-3101",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html"
},
{
"name": "34511",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34511"
},
{
"name": "MDVSA-2009:084",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:084"
},
{
"name": "RHSA-2009:0397",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0397.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cansecwest.com/index.html"
},
{
"name": "SUSE-SA:2009:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html"
},
{
"name": "34505",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34505"
},
{
"name": "34521",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34521"
},
{
"name": "RHSA-2009:0398",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0398.html"
},
{
"name": "20090330 ZDI-09-015: Mozilla Firefox XUL _moveToEdgeShift() Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502303/100/0/threaded"
},
{
"name": "34471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-13.html"
},
{
"name": "USN-745-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-745-1"
},
{
"name": "34527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34527"
},
{
"name": "34181",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34181"
},
{
"name": "DSA-1756",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1756"
},
{
"name": "34792",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34792"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://news.cnet.com/8301-1009_3-10199652-83.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.zdnet.com/security/?p=2934"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-015"
},
{
"name": "oval:org.mitre.oval:def:11368",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11368"
},
{
"name": "52896",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52896"
},
{
"name": "ADV-2009-0864",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0864"
},
{
"name": "FEDORA-2009-3100",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889"
},
{
"name": "34549",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34549"
},
{
"name": "34550",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009"
},
{
"name": "FEDORA-2009-3099",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=484320"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.zdnet.com/security/?p=2941"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1021878",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021878"
},
{
"name": "http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits"
},
{
"name": "http://twitter.com/tippingpoint1/status/1351635812",
"refsource": "MISC",
"url": "http://twitter.com/tippingpoint1/status/1351635812"
},
{
"name": "34510",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34510"
},
{
"name": "FEDORA-2009-3101",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html"
},
{
"name": "34511",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34511"
},
{
"name": "MDVSA-2009:084",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:084"
},
{
"name": "RHSA-2009:0397",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0397.html"
},
{
"name": "http://cansecwest.com/index.html",
"refsource": "MISC",
"url": "http://cansecwest.com/index.html"
},
{
"name": "SUSE-SA:2009:022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html"
},
{
"name": "34505",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34505"
},
{
"name": "34521",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34521"
},
{
"name": "RHSA-2009:0398",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0398.html"
},
{
"name": "20090330 ZDI-09-015: Mozilla Firefox XUL _moveToEdgeShift() Memory Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502303/100/0/threaded"
},
{
"name": "34471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34471"
},
{
"name": "http://www.mozilla.org/security/announce/2009/mfsa2009-13.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-13.html"
},
{
"name": "USN-745-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-745-1"
},
{
"name": "34527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34527"
},
{
"name": "34181",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34181"
},
{
"name": "DSA-1756",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1756"
},
{
"name": "34792",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34792"
},
{
"name": "http://news.cnet.com/8301-1009_3-10199652-83.html",
"refsource": "MISC",
"url": "http://news.cnet.com/8301-1009_3-10199652-83.html"
},
{
"name": "http://blogs.zdnet.com/security/?p=2934",
"refsource": "MISC",
"url": "http://blogs.zdnet.com/security/?p=2934"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-015",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-015"
},
{
"name": "oval:org.mitre.oval:def:11368",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11368"
},
{
"name": "52896",
"refsource": "OSVDB",
"url": "http://osvdb.org/52896"
},
{
"name": "ADV-2009-0864",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0864"
},
{
"name": "FEDORA-2009-3100",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html"
},
{
"name": "http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889",
"refsource": "MISC",
"url": "http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889"
},
{
"name": "34549",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34549"
},
{
"name": "34550",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34550"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm"
},
{
"name": "http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009"
},
{
"name": "FEDORA-2009-3099",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=484320",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=484320"
},
{
"name": "http://blogs.zdnet.com/security/?p=2941",
"refsource": "MISC",
"url": "http://blogs.zdnet.com/security/?p=2941"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1044",
"datePublished": "2009-03-23T14:00:00",
"dateReserved": "2009-03-23T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1169 (GCVE-0-2009-1169)
Vulnerability from cvelistv5
Published
2009-03-27 00:00
Modified
2024-08-07 05:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SA:2009:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html"
},
{
"name": "mozilla-xslt-code-execution(49439)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49439"
},
{
"name": "34510",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34510"
},
{
"name": "8285",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8285"
},
{
"name": "FEDORA-2009-3101",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-12.html"
},
{
"name": "34511",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34511"
},
{
"name": "MDVSA-2009:084",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:084"
},
{
"name": "RHSA-2009:0397",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0397.html"
},
{
"name": "SUSE-SA:2009:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html"
},
{
"name": "1021939",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021939"
},
{
"name": "34505",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34505"
},
{
"name": "34521",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34521"
},
{
"name": "RHSA-2009:0398",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0398.html"
},
{
"name": "34486",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34486"
},
{
"name": "34471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=485286"
},
{
"name": "USN-745-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-745-1"
},
{
"name": "34527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34527"
},
{
"name": "34235",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34235"
},
{
"name": "DSA-1756",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1756"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=460090"
},
{
"name": "ADV-2009-0853",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0853"
},
{
"name": "34792",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34792"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.zdnet.com/security/?p=3013"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=485217"
},
{
"name": "FEDORA-2009-3100",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html"
},
{
"name": "34549",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34549"
},
{
"name": "34550",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm"
},
{
"name": "oval:org.mitre.oval:def:11372",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11372"
},
{
"name": "FEDORA-2009-3099",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SA:2009:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html"
},
{
"name": "mozilla-xslt-code-execution(49439)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49439"
},
{
"name": "34510",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34510"
},
{
"name": "8285",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8285"
},
{
"name": "FEDORA-2009-3101",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-12.html"
},
{
"name": "34511",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34511"
},
{
"name": "MDVSA-2009:084",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:084"
},
{
"name": "RHSA-2009:0397",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0397.html"
},
{
"name": "SUSE-SA:2009:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html"
},
{
"name": "1021939",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021939"
},
{
"name": "34505",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34505"
},
{
"name": "34521",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34521"
},
{
"name": "RHSA-2009:0398",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0398.html"
},
{
"name": "34486",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34486"
},
{
"name": "34471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=485286"
},
{
"name": "USN-745-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-745-1"
},
{
"name": "34527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34527"
},
{
"name": "34235",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34235"
},
{
"name": "DSA-1756",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1756"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=460090"
},
{
"name": "ADV-2009-0853",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0853"
},
{
"name": "34792",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34792"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.zdnet.com/security/?p=3013"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=485217"
},
{
"name": "FEDORA-2009-3100",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html"
},
{
"name": "34549",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34549"
},
{
"name": "34550",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm"
},
{
"name": "oval:org.mitre.oval:def:11372",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11372"
},
{
"name": "FEDORA-2009-3099",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-1169",
"datePublished": "2009-03-27T00:00:00",
"dateReserved": "2009-03-26T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…