Vulnerabilities > CVE-2007-5896 - Resource Management Errors vulnerability in Mozilla Firefox 2.0.0.9
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with Javascript that sets the document.location to contain a leading NULL byte (\x00) and a (1) res://, (2) about:config, or (3) file:/// URI.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Statements
| contributor | Joshua Bressers |
| lastmodified | 2007-11-19 |
| organization | Red Hat |
| statement | Red Hat does not consider this flaw a security issue. This flaw is not exploitable and can only cause a client to stop responding or crash. |
References
- http://osvdb.org/45296
- http://osvdb.org/45296
- http://www.0x000000.com/index.php?i=467&bin=111010011
- http://www.0x000000.com/index.php?i=467&bin=111010011
- http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2007-11/msg00094.html
- http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2007-11/msg00094.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38233
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38233