CVE-2009-1827

Firefox 3.0.4 - Denial of Service via SVG Circle Element Radius Attribute

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1827. PoCs published by Thierry Zoller.

AI-analyzed exploit summary This exploit leverages an unclamped loop vulnerability in Firefox's SVG rendering engine by setting an extremely large radius value for a circle, causing a denial of service (DoS) condition. The PoC is a simple HTML file with an SVG element that triggers the issue.

Description

The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to cause a denial of service (application hang) via a large value in the r (aka Radius) attribute of a circle element, related to an "unclamped loop."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Thierry Zoller · htmldosmultiple

https://www.exploit-db.com/exploits/8794

View Code ZIP pw:eip

This exploit leverages an unclamped loop vulnerability in Firefox's SVG rendering engine by setting an extremely large radius value for a circle, causing a denial of service (DoS) condition. The PoC is a simple HTML file with an SVG element that triggers the issue.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Firefox (all versions supporting SVG) and software using the Mozilla engine

No auth needed

Prerequisites: Target must render the malicious SVG file

MITRE ATT&CK