Firefox XSL Parsing Vulnerability (Linux) Network Vulnerability

Summary

The host is installed with Mozilla Firefox browser and is prone to XSL File Parsing Vulnerability.

Impact

Successful exploitation will let the attacker cause remote code execution through a specially crafted malicious XSL file or can cause application termination at runtime. Impact Level: System/Application

Solution

Upgrade to Firefox version 3.0.8 http://www.mozilla.com/en-US/firefox/firefox.html

Insight

This flaw is due to improper handling of errors encountered when transforming an XML document which can be exploited to cause memory corrpution through a specially crafted XSLT code.

Affected

Firefox version 3.0 to 3.0.7 on Linux.

References

http://secunia.com/advisories/34471
http://securitytracker.com/alerts/2009/Mar/1021941.html
http://www.mozilla.org/security/announce/2009/mfsa2009-12.html

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-1169

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Active Perl Modules Multiple Vulnerabilities (Windows)
Apple QuickTime Multiple Vulnerabilities - Jun09
Adobe Reader/Acrobat Denial of Service Vulnerability (May09)
Avast! Zoo Denial of Service Vulnerability
Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Mac OS X)

Take action and discover your vulnerabilities