PT-2009-5315 · Mozilla · Firefox

Published: 2009-08-27 · Updated: 2017-08-17 · CVE-2009-2975

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: Mozilla Firefox version 3.5.2
Description: Firefox does not properly implement setting the document.location property to a value that specifies a protocol associated with an external application. Remote attackers can exploit this to cause a denial of service (memory consumption) via vectors involving a series of function calls that set this property. Examples of affected protocols include the chromehtml: protocol and the aim: protocol.
Recommendations: For Mozilla Firefox version 3.5.2, consider updating to a newer version that properly implements setting the document.location property, which prevents this denial of service. As a temporary workaround, restrict the use of external protocols to minimize the risk of exploitation.


Related Identifiers

CVE-2009-2975

Affected Products

Firefox