Source: Ubuntu.com (ubuntucve), ID: UB:CVE-2009-1828
Date: May 29, 2009 - 12:00 a.m.

CVE-2009-1828

CVSS2: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.068
Percentile: 93.9%

Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service
(infinite loop, application hang, and memory consumption) via a KEYGEN
element in conjunction with (1) a META element specifying automatic page
refresh or (2) a JavaScript onLoad event handler for a BODY element. NOTE:
it was later reported that earlier versions are also affected.

Notes

Author Note
jdstrand

CVEs in Firefox are tracked in the xulrunner source packages. The mapping of xulrunner sources to firefox is:

xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS
xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS
xulrunner-1.9: firefox-3.0
xulrunner-1.9.1: firefox-3.5

Ubuntu 6.06 LTS and 10.04 LTS use the embedded xulrunner and not the system xulrunner-1.9.2, so it is tracked in the firefox source package.

Infinite loop via JavaScript onLoad. Assigning negligible for now as the same could be achieved by visiting any malicious website.
