CVE-2009-0071 - OpenCVE

Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:H/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Mozilla	Firefox

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox:3.0:::::::*
	cpe:2.3:a:mozilla:firefox:3.0:alpha::::::
	cpe:2.3:a:mozilla:firefox:3.0:beta2::::::
	cpe:2.3:a:mozilla:firefox:3.0:beta5::::::
	cpe:2.3:a:mozilla:firefox:3.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.3:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.4:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.5:::::::*

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0220.html
http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0223.html
http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0224.html
http://www.securityfocus.com/bid/33154	Exploit
https://bugzilla.mozilla.org/show_bug.cgi?id=448329
https://bugzilla.mozilla.org/show_bug.cgi?id=456727
https://bugzilla.mozilla.org/show_bug.cgi?id=472507
https://www.exploit-db.com/exploits/8091
https://www.exploit-db.com/exploits/8219

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-01-08T19:00:00

Updated: 2017-09-28T12:57:01

Reserved: 2009-01-08T00:00:00

Link: CVE-2009-0071

JSON object: View

NVD Information

Status : Modified

Published: 2009-01-08T19:30:11.297

Modified: 2017-09-29T01:33:36.183

Link: CVE-2009-0071

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-01-07T00:00:00", "descriptions": [{"lang": "en", "value": "Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "8219", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/8219"}, {"name": "20090107 Firefox 3.0.5 remote vulnerability via queryCommandState", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0220.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=456727"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=448329"}, {"name": "8091", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/8091"}, {"name": "33154", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33154"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=472507"}, {"name": "20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0223.html"}, {"name": "20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0224.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0071", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "8219", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/8219"}, {"name": "20090107 Firefox 3.0.5 remote vulnerability via queryCommandState", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0220.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=456727", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=456727"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=448329", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=448329"}, {"name": "8091", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/8091"}, {"name": "33154", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33154"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=472507", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=472507"}, {"name": "20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0223.html"}, {"name": "20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0224.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0071", "datePublished": "2009-01-08T19:00:00", "dateReserved": "2009-01-08T00:00:00", "dateUpdated": "2017-09-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "412DF091-7604-4110-87A0-3488116A97E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "7A1DE6AC-C6AA-4B27-AC21-3293E5357A7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "13AAF607-AEEE-4FAF-BE63-73B1D951EF52", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "20139741-10B1-4E4B-8D5F-A715042049C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "11E07FED-ABDB-4B0A-AB2E-4CBF1EAC4301", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9A6558F1-9E0D-4107-909A-8EF4BC8A9C2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "63DF3D65-C992-44CF-89B4-893526C6242E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "A9024117-2E8B-4240-9E21-CC501F3879B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FBC3CAD3-2F54-4E32-A0C9-0D826C45AC23", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected."}, {"lang": "es", "value": "Mozilla Firefox versi\u00f3n 3.0.5 y anteriores de 3.0.x, cuando designMode est\u00e1 habilitado, permite a atacantes remotos causar una denegaci\u00f3n de servicio (desreferencia de un puntero NULL y bloqueo de aplicaci\u00f3n) por medio de cierta llamada de (a) replaceChild o (b) removeChild, seguida por una llamada de (1) queryCommandValue, (2) queryCommandState, o (3) queryCommandIndeterm. NOTA: m\u00e1s tarde se inform\u00f3 que las versiones 3.0.6 y 3.0.7 tambi\u00e9n est\u00e1n afectadas."}], "id": "CVE-2009-0071", "lastModified": "2017-09-29T01:33:36.183", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-01-08T19:30:11.297", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0220.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0223.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0224.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/33154"}, {"source": "cve@mitre.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=448329"}, {"source": "cve@mitre.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=456727"}, {"source": "cve@mitre.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=472507"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/8091"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/8219"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat does not consider a crash of a client application such as Firefox to be a security issue.", "lastModified": "2009-01-19T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}