PT-2009-4293 · Mozilla · Firefox
Thierry Zoller
·
Published
2009-05-29
·
Updated
2018-10-10
·
CVE-2009-1828
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions:
Mozilla Firefox versions prior to 3.0.10
Description:
The issue allows remote attackers to cause a denial of service, resulting in an infinite loop, application hang, and memory consumption. This can be achieved via a KEYGEN element used in conjunction with either a META element that specifies automatic page refresh or a JavaScript onLoad event handler for a BODY element.
Recommendations:
For versions prior to 3.0.10, consider disabling the use of KEYGEN elements in conjunction with META elements that specify automatic page refresh or JavaScript onLoad event handlers for BODY elements until a fix is available.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Firefox