PT-2007-6832 · Mozilla · Firefox

Published

2007-11-08

Updated

2017-07-29

CVE-2007-5896

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Mozilla Firefox version 2.0.0.9

Description The issue allows remote attackers to cause a denial of service, resulting in CPU consumption and crash. This can be achieved by using an iframe with Javascript that sets the document.location to contain a leading NULL byte (x00) and a specific URI, including (1) res://, (2) about:config, or (3) file:///.

Recommendations For Mozilla Firefox version 2.0.0.9, consider disabling the use of iframes with Javascript that set the document.location to contain a leading NULL byte (x00) and the specified URIs until a patch is available. Restrict access to the document.location property to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2007-5896

Affected Products

Firefox

PT-2007-6832 · Mozilla · Firefox

CVE-2007-5896

Weakness Enumeration

Related Identifiers

Affected Products

References · 5