CVE-2009-1828

Severity

50%

Complexity

99%

Confidentiality

48%

Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript onLoad event handler for a BODY element. NOTE: it was later reported that earlier versions are also affected.

Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript onLoad event handler for a BODY element. NOTE: it was later reported that earlier versions are also affected.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 16 years ago

2009-05-29 20:30:00

Last updated 6 years ago

2018-10-10 19:38:00

Affected Software

Mozilla Firefox 3.0.10

3.0.10

References

20090527 [TZO-27-2009] Firefox Denial of Service (Keygen)

Exploit

20090528 Re: [TZO-27-2009] Firefox Denial of Service (Keygen)

http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html

Exploit

http://websecurity.com.ua/3194/

20090528 [TZO-27-2009] Firefox Denial of Service (Keygen)

20090908 Re: DoS vulnerability in Google Chrome

35132

https://bugzilla.mozilla.org/show_bug.cgi?id=469565

Exploit

firefox-keygen-dos(50838)

oval:org.mitre.oval:def:5928

8822

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.