PT-2007-6832 · Mozilla · Firefox

Publicado

2007-11-08

Atualizado

2017-07-29

CVE-2007-5896

CVSS v2.0

7.1

Alta

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Mozilla Firefox version 2.0.0.9

Description The issue allows remote attackers to cause a denial of service, resulting in CPU consumption and crash. This can be achieved by using an iframe with Javascript that sets the document.location to contain a leading NULL byte (x00) and a specific URI, including (1) res://, (2) about:config, or (3) file:///.

Recommendations For Mozilla Firefox version 2.0.0.9, consider disabling the use of iframes with Javascript that set the document.location to contain a leading NULL byte (x00) and the specified URIs until a patch is available. Restrict access to the document.location property to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

CVE-2007-5896

Produtos afetados

Firefox

PT-2007-6832 · Mozilla · Firefox

CVE-2007-5896

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5