Vulnerabilities > CVE-2009-2975 - Denial-Of-Service vulnerability in Mozilla Firefox 3.5.2

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

microsoft

mozilla

NVD

Published: 2009-08-27

Updated: 2017-08-17

Summary

Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows remote attackers to cause a denial of service (memory consumption) via vectors involving a series of function calls that set this property, as demonstrated by (1) the chromehtml: protocol and (2) the aim: protocol.

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows XP *	1
Application	Mozilla Mozilla Firefox 3.5.2	1

References

http://archives.neohapsis.com/archives/bugtraq/2009-08/0234.html
http://archives.neohapsis.com/archives/bugtraq/2009-08/0236.html
http://archives.neohapsis.com/archives/bugtraq/2009-08/0246.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/52923