CVE-2009-2464
Published 2009-07-22
Priority P351 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 13.23% (95.9th percentile)
The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to loading multiple RDF files in a XUL tree element.
Affected
105 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | <= 3.0.11 | — |
CVSS provenance
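| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 10.0 | CRITICAL | — |
| vendor_ubuntu | — | 10.0 | CRITICAL | — |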
Ubuntu
Firefox and Xulrunner vulnerabilities
vendor_ubuntu·2009-07-22·CVSS 10.0
CVE-2009-2462 [CRITICAL] Firefox and Xulrunner vulnerabilities
Several flaws were discovered in the Firefox browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2469)

Attila Suszter discovered a flaw in the way Firefox processed Flash content. If a user were tricked into viewing and navigating within a specially crafted Flash object, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2467)

It was discovere
Red Hat
Mozilla crash with multiple RDFs in XUL tree
vendor_redhat·2009-07-21·CVSS 10.0
CVE-2009-2464 [CRITICAL] Mozilla crash with multiple RDFs in XUL tree
GHSA
GHSA-qwmc-7c7g-54gx: The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3
ghsa_unreviewed·2022-05-02
CVE-2009-2464 [HIGH] GHSA-qwmc-7c7g-54gx: The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3
No detection rules found.
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html
http://rhn.redhat.com/errata/RHSA-2009-1162.html
http://secunia.com/advisories/35914
http://secunia.com/advisories/35943
http://secunia.com/advisories/35944
http://secunia.com/advisories/36005
http://secunia.com/advisories/36145
http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1
http://www.mozilla.org/security/announce/2009/mfsa2009-34.html
http://www.securityfocus.com/bid/35758
http://www.vupen.com/english/advisories/2009/1972
http://www.vupen.com/english/advisories/2009/2152
https://bugzilla.mozilla.org/show_bug.cgi?id=441785
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9594
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.html