Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0071: Mozilla Firefox vulnerability

CWE-399 | 4 documents | 4 sources
Severity: 2.6 LOW (NVD)
EPSS: 10.9% (top 6.60%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Jan 8
Latest update: May 2

Description

Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected.

CVSS vector

AV:N/AC:H/C:N/I:N/A:P
Exploitability: 4.9 | Impact: 2.9

Affected Packages (1 package)

NVD: mozilla/firefox, 6 versions (+5)

🔴 Vulnerability Details (1)

GHSA: GHSA-ffhj-vphp-4358: Mozilla Firefox 3 (2022-05-02)

💥 Exploits & PoCs (1)

Exploit-DB: Mozilla Firefox 3.0.6 - BODY onload Remote Crash (2009-02-23)

📋 Vendor Advisories (1)

Red Hat: CVE-2009-0071: Mozilla Firefox 3