CVE-2009-3077Code Injection in Mozilla Firefox

CWE-94Code Injection6 documents5 sources
Severity
9.3CRITICALNVD
EPSS
5.4%
top 9.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedSep 10
Latest updateMay 2

Description

Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmozilla/firefox3.0.13+95

🔴Vulnerability Details

1
GHSA
GHSA-pw85-c3xj-rm6m: Mozilla Firefox before 32022-05-02

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2010-03-18
Ubuntu
Firefox and Xulrunner vulnerabilities2009-09-10
Red Hat
Firefox 3.5.3 3.0.14 TreeColumns dangling pointer vulnerability2009-09-09

💬Community

1
Bugzilla
CVE-2009-3077 Firefox 3.5.3 3.0.14 TreeColumns dangling pointer vulnerability2009-09-07