CVE-2009-2043

Firefox 3.0.2-3.0.10 - Denial of Service via TinyMCE Interaction

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2043. PoCs published by Bret McMillan.

AI-analyzed exploit summary This is a step-by-step writeup describing how to trigger a denial-of-service vulnerability in Mozilla Firefox versions 3.0.2 through 3.0.10 by manipulating a document's HTML content. The exploit involves creating a document, switching to HTML mode, pasting specific content, and reopening the session to cause a crash.

Description

nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to interaction with TinyMCE.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Bret McMillan · textdoslinux
https://www.exploit-db.com/exploits/33042

This is a step-by-step writeup describing how to trigger a denial-of-service vulnerability in Mozilla Firefox versions 3.0.2 through 3.0.10 by manipulating a document's HTML content. The exploit involves creating a document, switching to HTML mode, pasting specific content, and reopening the session to cause a crash.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Mozilla Firefox 3.0.2 through 3.0.10
No auth needed
Prerequisites: Access to Mozilla Firefox 3.0.2 through 3.0.10 · Ability to create and edit documents in the browser
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=488570
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35413
Issue Tracking x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=490425
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1095.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/51197

Scores

EPSS 0.0374
EPSS Percentile 88.2%

Details

CWE
CWE-20
Status published
Products (9)
mozilla/firefox 3.0.2
mozilla/firefox 3.0.3
mozilla/firefox 3.0.4
mozilla/firefox 3.0.5
mozilla/firefox 3.0.6
mozilla/firefox 3.0.7
mozilla/firefox 3.0.8
mozilla/firefox 3.0.9
mozilla/firefox 3.0.10
Published Jun 12, 2009
Tracked Since Feb 18, 2026