Description
Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript onLoad event handler for a BODY element. NOTE: it was later reported that earlier versions are also affected.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Thierry Zoller · textdosmultiple
https://www.exploit-db.com/exploits/8822
References (11)
Core 11
Core References
Third Party Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0263.html
Exploit x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=469565
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50838
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/506328/100/100/threaded
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5928
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/8822
Exploit mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0247.html
Various Sources x_refsource_misc
http://websecurity.com.ua/3194/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35132
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/503876/100/0/threaded
Exploit x_refsource_misc
http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html
Scores
EPSS
0.1685
EPSS Percentile
95.0%
Details
CWE
CWE-399
Status
published
Products (1)
mozilla/firefox
3.0.10
Published
May 29, 2009
Tracked Since
Feb 18, 2026