Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1232 — Improper Input Validation in Mozilla Firefox

CWE-20 — Improper Input Validation9 documents4 sources

Severity

7.8HIGHNVD

NVD4.3

EPSS

16.0%

top 5.21%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Explorer Mozilla Firefox

Timeline

PublishedApr 2

Latest updateMay 2

Description

Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDmozilla/firefox9 versions+8

▶NVDmicrosoft/internet_explorer6, 7+1

🔴Vulnerability Details

GHSA

GHSA-rrwf-mrcc-mrgc: Mozilla Firefox 3↗2022-05-02

▶

GHSA

GHSA-69rh-9hxh-3h4x: Microsoft Internet Explorer 6 through 6↗2022-05-02

▶

💥Exploits & PoCs

Exploit-DB

Beatport Player 1.0.0.283 - '.m3u' Local Stack Overflow (3)↗2009-05-01

▶

Exploit-DB

Beatport Player 1.0.0.283 - '.m3u' Local Overwrite (SEH)↗2009-05-01

▶

Exploit-DB

Beatport Player 1.0.0.283 - '.m3u' Local Stack Overflow (2)↗2009-05-01

▶

Exploit-DB

Mozilla Firefox 3.0.x - XML Parser Memory Corruption / Denial of Service (PoC)↗2009-03-30

▶

📋Vendor Advisories

Red Hat

CVE-2009-1232: Mozilla Firefox 3↗

▶