CVE-2009-2953

Mozilla Firefox - Resource Management Error

Title source: rule

Description

Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jeremy Brown · perldoswindows

https://www.exploit-db.com/exploits/7554

View Code ZIP pw:eip

References (2)

[Various Sources] http://websecurity.com.ua/3424/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/506006/100/0/threaded

Scores

EPSS 0.0260

EPSS Percentile 85.7%

Details

CWE

CWE-399

Status published

Products (13)

mozilla/firefox 3.0.6

mozilla/firefox 3.0.7

mozilla/firefox 3.0.8

mozilla/firefox 3.0.9

mozilla/firefox 3.0.10

mozilla/firefox 3.0.11

mozilla/firefox 3.0.12

mozilla/firefox 3.0.13

mozilla/firefox 3.5

mozilla/firefox 3.5.1

... and 3 more

Published Aug 24, 2009

Tracked Since Feb 18, 2026