Description
Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Thierry Zoller · textdosmultiple
https://www.exploit-db.com/exploits/9160
References (7)
Core 7
Core References
Issue Tracking x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=460713
Various Sources x_refsource_misc
http://www.g-sec.lu/one-bug-to-rule-them-all.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504988/100/0/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/505006/100/0/threaded
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/9160
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504969/100/0/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504989/100/0/threaded
Scores
EPSS
0.0824
EPSS Percentile
92.2%
Details
CWE
CWE-189
Status
published
Products (46)
mozilla/firefox
0.1
mozilla/firefox
0.2
mozilla/firefox
0.4
mozilla/firefox
0.6
mozilla/firefox
0.6.1
mozilla/firefox
0.7
mozilla/firefox
0.8
mozilla/firefox
0.9 (2 CPE variants)
mozilla/firefox
0.9.1
mozilla/firefox
0.9.2
... and 36 more
Published
Jul 20, 2009
Tracked Since
Feb 18, 2026