1. Home
  2. CVE Database
  3. CVE-2009-0071
LOW · 2.6

CVE-2009-0071

Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) re...

Vulnerability Description

Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected.

CVSS Score

2.6

LOW

AV:N/AC:H/Au:N/C:N/I:N/A:P
Confidentiality
NONE
Integrity
NONE
Availability
PARTIAL

Affected Products

VendorProductVersions
MozillaFirefox3.0

Related Weaknesses (CWE)

CWE-399

References

FAQ

What is CVE-2009-0071?

CVE-2009-0071 is a vulnerability with a CVSS score of 2.6 (LOW). Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) re...

How severe is CVE-2009-0071?

CVE-2009-0071 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-0071?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.