Back to search
CVE-2009-0071
Published: Jan 8, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
8219
exploit
x_refsource_EXPLOIT-DB
20090107 Firefox 3.0.5 remote vulnerability via queryCommandState
mailing-list
x_refsource_FULLDISC
https://bugzilla.mozilla.org/show_bug.cgi?id=456727
x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=448329
x_refsource_CONFIRM
8091
exploit
x_refsource_EXPLOIT-DB
33154
vdb-entry
x_refsource_BID
https://bugzilla.mozilla.org/show_bug.cgi?id=472507
x_refsource_CONFIRM
20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState
mailing-list
x_refsource_FULLDISC
20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState
mailing-list
x_refsource_FULLDISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now