Summary
The host is installed with Firefox browser on Windows XP and is prone to Denial of Service vulnerability.
Impact
Successful exploitation will allow attackers to cause excessive memory consumption in the affected application and results in Denial of Service condition.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox version 3.6.3 or later
For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
The flaw is due to an incompletely configured protocol handler that does not properly implement setting of the 'document.location' property to a value specifying a protocol associated with an external application, which can be caused via vectors involving a series of function calls that set this property, as demonstrated by the 'chromehtml:' and 'aim:' protocols.
Affected
Mozilla Firefox version 3.5.2 on Windows XP.
References
Severity
Classification
-
CVE CVE-2009-2975 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability
- Apache Subversion 'mod_dav_svn' log REPORT Request DoS Vulnerability
- Eggdrop Server Module Message Handling Remote Buffer Overflow Vulnerability
- eZ/eZphotoshare Denial of Service
- Firebird SQL 'op_connect_request' Denial Of Service Vulnerability (Win)