CVE-2009-2975

Firefox 3.5.2 - Denial of Service via Document Location Property Manipulation

Title source: llm
STIX 2.1

Description

Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows remote attackers to cause a denial of service (memory consumption) via vectors involving a series of function calls that set this property, as demonstrated by (1) the chromehtml: protocol and (2) the aim: protocol.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/52923
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2009-08/0234.html
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2009-08/0236.html
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2009-08/0246.html

Scores

EPSS 0.0205
EPSS Percentile 79.1%

Details

Status published
Products (1)
mozilla/firefox 3.5.2
Published Aug 27, 2009
Tracked Since Feb 18, 2026