PT-2007-3988 · Mozilla · Firefox

Carl Hardwick

Published

2007-05-14

Updated

2017-07-29

CVE-2007-2671

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Mozilla Firefox version 2.0.0.3

Description The issue allows remote attackers to cause a denial of service, resulting in an application crash. This is achieved by using a long hostname in an HREF attribute within an A element, which triggers an out-of-bounds memory access.

Recommendations For Mozilla Firefox version 2.0.0.3, consider avoiding the use of long hostnames in HREF attributes until a patch is available. As a temporary workaround, restrict the length of hostnames in A elements to prevent out-of-bounds memory access.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2671

Affected Products

Firefox

PT-2007-3988 · Mozilla · Firefox

CVE-2007-2671

Related Identifiers

Affected Products

References · 8