Firefox Browser DesignMode Null Pointer Dereference DoS Vulnerability - Win Network Vulnerability

Summary

The host is installed with Mozilla Firefox browser and is prone to denial of service vulnerability.

Impact

Successful remote exploitation could result in denying the service. Impact Level: Application

Solution

Upgrade to Firefox version 3.6.3 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html

Insight

Null pointer dereferencing error occurs in the broswer which fails to validate the user input data when designMode module is enabled. These can be exploited via replaceChild or removeChild call, followed by a queryCommandValue, queryCommandState or queryCommandIndeterm call.

Affected

Firefox version 3.x to 3.0.5 on Windows.

References

http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0220.html
http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0223.html
http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0224.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0071
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Wireshark IEEE 802.11 Dissector Denial of Service Vulnerability (Mac OS X)
Cisco VPN Client for Windows 'StartServiceCtrlDispatche' Local Denial of Service Vulnerability
Oracle VM VirtualBox Local Denial of Service Vulnerability-01 Oct2013 (Mac OS X)
Hummingbird Connectivity FTP service XCWD Overflow
Wireshark IKE Packet Denial of Service Vulnerability (Win)

Firefox Browser designMode Null Pointer Dereference DoS Vulnerability - Win

Take action and discover your vulnerabilities