VDB
CVE-2009-0071
CVE-2009-0071
PUBLISHED
CVSS 2.5999999046325684 LOW
Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected.
EPSS 10.86% · 93.5th percentile
Risk Scores
CVSS 2.0
2.5999999046325684
EPSS Score
10.86%
93.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| mozilla | firefox | 3.0, 3.0, 3.0 |
Timeline
- Jan 8, 2009 CVE Published
- Feb 23, 2009 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- 8219 exploit
- 20090107 Firefox 3.0.5 remote vulnerability via queryCommandState mailing-list
- https://bugzilla.mozilla.org/show_bug.cgi?id=456727 url
- https://bugzilla.mozilla.org/show_bug.cgi?id=448329 url
- 8091 exploit
- 33154 vdb
- https://bugzilla.mozilla.org/show_bug.cgi?id=472507 url
- 20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState mailing-list
- 20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2009-0071 advisory