CVE-2009-1828 - Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, applicat

CVE-2009-1828

Summary

Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript onLoad event handler for a BODY element. NOTE: it was later reported that earlier versions are also affected.

References

Vulnerable Configurations

cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 10-10-2018 - 19:38)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

oval via4

accepted

2014-03-17T04:00:23.083-04:00

class

vulnerability

contributors

name Chandan S
organization SecPod Technologies
name Sergey Artykhov
organization ALTX-SOFT
name Sergey Artykhov
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment	Mozilla Firefox Mainline release is installed
oval	oval:org.mitre.oval:def:22259

description

family

windows

oval:org.mitre.oval:def:5928

status

accepted

submitted

2009-09-23T09:45:11

title

Mozilla Firefox 'keygen' HTML Tag Denial of Service Vulnerability

version

refmap via4

bid	35132
bugtraq	20090528 [TZO-27-2009] Firefox Denial of Service (Keygen) 20090908 Re: DoS vulnerability in Google Chrome
exploit-db	8822
fulldisc	20090527 [TZO-27-2009] Firefox Denial of Service (Keygen) 20090528 Re: [TZO-27-2009] Firefox Denial of Service (Keygen)
misc	http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html http://websecurity.com.ua/3194/ https://bugzilla.mozilla.org/show_bug.cgi?id=469565
xf	firefox-keygen-dos(50838)

Last major update

10-10-2018 - 19:38

Published

29-05-2009 - 20:30

Last modified

10-10-2018 - 19:38