Mozilla Firefox 'keygen' HTML Tag DOS Vulnerability (Win) Network Vulnerability

Summary

The host is installed with Mozilla Firefox browser and is prone to Denial of Service vulnerability.

Impact

Successful exploitation will let attackers to cause the browser to stop responding, infinite loop, application hang, and memory consumption, and can cause denying service to legitimate users. Impact Level: Application

Solution

Upgrade to Firefox version 3.6.3 or later, For updates refer tohttp://www.mozilla.com/en-US/

Insight

- Error exists via KEYGEN element in conjunction with a META element specifying automatic page refresh or a JavaScript onLoad event handler for a BODY element. - Error caused while passing a large value in the r (aka Radius) attribute of a circle element, related to an 'unclamped loop.'.

Affected

Firefox version 3.0.4 and 3.0.10 on Windows

References

http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html
http://xforce.iss.net/xforce/xfdb/50721

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-1827, CVE-2009-1828
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Adobe Flash Media Server XML Data Remote Denial of Service Vulnerability
Denial Of Service Vulnerability in OpenSSL June-09 (Linux)
freeFTPD PORT Command Denial of Service Vulnerability
Cherokee POST request DoS
Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Linux)

Take action and discover your vulnerabilities