Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1169 — Mozilla Firefox vulnerability

CWE-3996 documents6 sources

Severity

9.3CRITICALNVD

EPSS

36.0%

top 2.90%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mozilla Firefox

Timeline

PublishedMar 27

Latest updateMay 2

Description

The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmozilla/firefox3.0.7+86

Patches

Patch: lists.opensuse.org ↗Patch: lists.opensuse.org ↗Patch: www.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-qvx4-j4xw-649x: The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3↗2022-05-02

▶

💥Exploits & PoCs

Exploit-DB

Mozilla Firefox XSL - Parsing Remote Memory Corruption (PoC) (1)↗2009-03-25

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner vulnerabilities↗2009-03-28

▶

Red Hat

Firefox XSLT memory corruption issue↗2009-03-25

▶

💬Community

Bugzilla

CVE-2009-1169 Firefox XSLT memory corruption issue↗2009-03-25

▶