CVE-2009-1044 — Mozilla Firefox vulnerability

CWE-3995 documents5 sources

Severity

9.3CRITICALNVD

EPSS

7.8%

top 7.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedMar 23

Latest updateMay 2

Description

Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmozilla/firefox3.0.7

Patches

Patch: www.mozilla.org ↗Patch: www.securityfocus.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-x5jm-2j58-gxgp: Mozilla Firefox 3↗2022-05-02

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner vulnerabilities↗2009-03-28

▶

Red Hat

Firefox XUL garbage collection issue (cansecwest pwn2own)↗2009-03-27

▶

💬Community

Bugzilla

CVE-2009-1044 Firefox XUL garbage collection issue (cansecwest pwn2own)↗2009-03-25

▶