ID CVE-2007-5896
Summary Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with Javascript that sets the document.location to contain a leading NULL byte (\x00) and a (1) res://, (2) about:config, or (3) file:/// URI.
References
Vulnerable Configurations
  • Mozilla Firefox 2.0.0.9
    cpe:2.3:a:mozilla:firefox:2.0.0.9
CVSS
Base: 7.1 (as of 09-11-2007 - 09:23)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
refmap via4
fulldisc 20071102 Firefox 2.0.0.9 remote DoS vulnerability
misc http://www.0x000000.com/index.php?i=467&bin=111010011
osvdb 45296
xf firefox-iframe-javascript-dos(38233)
statements via4
contributor Joshua Bressers
lastmodified 2007-11-19
organization Red Hat
statement Red Hat does not consider this flaw a security issue. This flaw is not exploitable and can only cause a client to stop responding or crash.
Last major update 25-08-2009 - 01:06
Published 08-11-2007 - 15:46
Last modified 28-07-2017 - 21:33