CVE-2009-1169
published 2009-03-27
Priority P347 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS 10.46% · 95.2th percentile
The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.
Affected
87 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | <= 3.0.7 | — |
CVSS provenance
nvd · v2.0 · 9.3 CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat · 9.3 CRITICAL
vendor_ubuntu · 9.3 CRITICAL
GHSA
ghsa_unreviewed·2022-05-02
CVE-2009-1169 [HIGH] GHSA-qvx4-j4xw-649x: The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3
Ubuntu
Firefox and Xulrunner vulnerabilities
vendor_ubuntu·2009-03-28·CVSS 9.3
CVE-2009-1044 [CRITICAL] Firefox and Xulrunner vulnerabilities
Title: Firefox and Xulrunner vulnerabilities
Summary: Firefox and Xulrunner vulnerabilities
It was discovered that Firefox did not properly perform XUL garbage
collection. If a user were tricked into viewing a malicious website, a
remote attacker could cause a denial of service or execute arbitrary code
with the privileges of the user invoking the program. This issue only
affected Ubuntu 8.04 LTS and 8.10. (CVE-2009-1044)
A flaw was discovered in the way Firefox performed XSLT transformations.
If a user were tricked into opening a crafted XSL stylesheet, an attacker
could cause a denial of service or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-1169)
Instructions: After a standard system upgrade you need to restart Firefox and any
applications
Red Hat
Firefox XSLT memory corruption issue
vendor_redhat·2009-03-25·CVSS 9.3
CVE-2009-1169 [CRITICAL] Firefox XSLT memory corruption issue
No detection rules found.
References
http://blogs.zdnet.com/security/?p=3013
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html
http://secunia.com/advisories/34471
http://secunia.com/advisories/34486
http://secunia.com/advisories/34505
http://secunia.com/advisories/34510
http://secunia.com/advisories/34511
http://secunia.com/advisories/34521
http://secunia.com/advisories/34527
http://secunia.com/advisories/34549
http://secunia.com/advisories/34550
http://secunia.com/advisories/34792
http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm
http://www.debian.org/security/2009/dsa-1756
http://www.mandriva.com/security/advisories?name=MDVSA-2009:084
http://www.mozilla.org/security/announce/2009/mfsa2009-12.html
http://www.redhat.com/support/errata/RHSA-2009-0397.html
http://www.redhat.com/support/errata/RHSA-2009-0398.html
http://www.securityfocus.com/bid/34235
http://www.securitytracker.com/id?1021939
http://www.ubuntu.com/usn/usn-745-1
http://www.vupen.com/english/advisories/2009/0853
https://bugzilla.mozilla.org/show_bug.cgi?id=460090
https://bugzilla.mozilla.org/show_bug.cgi?id=485217
https://bugzilla.mozilla.org/show_bug.cgi?id=485286
https://exchange.xforce.ibmcloud.com/vulnerabilities/49439
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11372
https://www.exploit-db.com/exploits/8285
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html