Summary
The host is installed with Mozilla Firefox browser and is prone to Denial of Service vulnerability.
Impact
Successful exploitation will let attackers to cause the browser to stop responding, infinite loop, application hang, and memory consumption, and can cause denying service to legitimate users.
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
Flaws are due to,
- Error exists via KEYGEN element in conjunction with a META element specifying automatic page refresh or a JavaScript onLoad event handler for a BODY element.
- Error caused while passing a large value in the r (aka Radius) attribute of a circle element, related to an 'unclamped loop.'.
Affected
Firefox version 3.0.4 and 3.0.10 on Linux
References
Severity
Classification
-
CVE CVE-2009-1827, CVE-2009-1828 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- at32 Reverse Proxy Multiple HTTP Header Fields Denial Of Service Vulnerability
- Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Mac OS X)
- Firefox Browser Libxul Memory Leak Remote DoS Vulnerability - Win
- ddrLPD Remote Denial of Service Vulnerability
- ClamAV LZH File Unpacking Denial of Service Vulnerability (Linux)