265165 – (CVE-2009-1232) <=www-client/mozilla-firefox-3.0.8 DOS (CVE-2009-1232)

Bug 265165 (CVE-2009-1232) - <=www-client/mozilla-firefox-3.0.8 DOS (CVE-2009-1232)

Summary: <=www-client/mozilla-firefox-3.0.8 DOS (CVE-2009-1232)

Status:	RESOLVED OBSOLETE

Alias:	CVE-2009-1232

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://www.milw0rm.com/exploits/8306
Whiteboard:	A3 [upstream]
Keywords:

Depends on:
Blocks:

Reported:	2009-04-06 22:15 UTC by Stefan Behte (RETIRED)
Modified:	2013-09-03 03:08 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2009-04-06 22:15:33 UTC

CVE-2009-1232 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1232):
  The XUL parser in Mozilla Firefox 3.0.8 and earlier 3.0.x versions
  allows remote attackers to cause a denial of service (memory
  corruption) via an XML document composed of a long series of
  start-tags with no corresponding end-tags.

Comment 1 Nirbheek Chauhan (RETIRED) gentoo-dev

2010-09-16 13:22:58 UTC

Nothing for mozilla team to do here, none of the affected versions are in-tree anymore.