CVE-2008-5715

Firefox - Denial of Service via Long Location Hash String

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5715. PoCs published by Jeremy Brown.

AI-analyzed exploit summary This Perl script generates an HTML file that exploits a denial-of-service vulnerability in Mozilla Firefox 3.0.5 by setting an excessively long string to location.hash, causing a crash.

Description

Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash). NOTE: it was later reported that earlier versions are also affected, and that the impact is CPU consumption and application hang in unspecified circumstances perhaps involving other platforms.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jeremy Brown · perldoswindows

https://www.exploit-db.com/exploits/7554

View Code ZIP pw:eip

This Perl script generates an HTML file that exploits a denial-of-service vulnerability in Mozilla Firefox 3.0.5 by setting an excessively long string to location.hash, causing a crash.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Mozilla Firefox 3.0.5

No auth needed

Prerequisites: None

MITRE ATT&CK