Summary
The host has the Mozilla Firefox browser installed and is prone to an XSL file parsing vulnerability.
Impact
Successful exploitation lets an attacker achieve remote code execution through a specially crafted malicious XSL file, or cause the application to terminate at runtime.
Impact Level: System/Application
Solution
Upgrade to Firefox version 3.0.8
http://www.mozilla.com/en-US/firefox/firefox.html
Insight
The flaw is due to improper handling of errors encountered when transforming an XML document, which can be exploited to cause memory corruption through specially crafted XSLT code.
Affected
Firefox version 3.0 to 3.0.7 on Windows.
References
Severity
Classification
CVE: CVE-2009-1169
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- cfengine AuthenticationDialogue vulnerability
- ClamAV 'find_stream_bounds()' PDF File Processing Denial Of Service Vulnerability
- GoodTech SSH Server SFTP Multiple BOF Vulnerabilities
- Apple Safari DoS or XSS Vulnerability - July09
- Azeotech DAQFactory NETB Datagram Parsing Stack Buffer Overflow Vulnerability