Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-2464 — Out-of-bounds Write in Mozilla Firefox

CWE-3998 documents7 sources

Severity

10.0CRITICALNVD

EPSS

15.3%

top 5.37%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedJul 22

Latest updateMay 2

Description

The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to loading multiple RDF files in a XUL tree element.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox3.0.11+82

▶NVDmozilla/seamonkey2.0a1pre

▶NVDmozilla/thunderbird21 versions+20

Patches

Patch: www.mozilla.org ↗Patch: www.securityfocus.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-qwmc-7c7g-54gx: The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3↗2022-05-02

▶

CVEList

CVE-2009-2464: The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3↗2009-07-22

▶

💥Exploits & PoCs

Exploit-DB

Mozilla Firefox 3.0.11 and Thunderbird 2.0.9 - RDF File Handling Remote Memory Corruption↗2009-06-21

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner vulnerabilities↗2009-07-22

▶

Red Hat

Mozilla crash with multiple RDFs in XUL tree↗2009-07-21

▶

💬Community

Bugzilla

CVE-2009-2464 Mozilla crash with multiple RDFs in XUL tree↗2009-07-16

▶