CVE-2008-5715
Published 2008-12-24
Priority: P4 25 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 8.50% (94.4th percentile)
Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash). NOTE: it was later reported that earlier versions are also affected, and that the impact is CPU consumption and application hang in unspecified circumstances perhaps involving other platforms.
Affected
93 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| | chrome | <= 1.0.154.48 | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| microsoft | internet_explorer | <= 6.0.2900.2180 | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat · 5.0 · MEDIUM
GHSA
GHSA-4483-hx63-9239: Mozilla Firefox 3
ghsa_unreviewed·2022-05-14
CVE-2008-5715 [MEDIUM] CWE-20 GHSA-4483-hx63-9239: Mozilla Firefox 3
Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash). NOTE: it was later reported that earlier versions are also affected, and that the impact is CPU consumption and application hang in unspecified circumstances perhaps involving other platforms.
GHSA
GHSA-7wrp-3pc5-gg9v: Mozilla Firefox 3
ghsa_unreviewed·2022-05-02·CVSS 5.0
CVE-2009-2953 [MEDIUM] GHSA-7wrp-3pc5-gg9v: Mozilla Firefox 3
Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
GHSA
GHSA-h7qr-2r4v-9236: Microsoft Internet Explorer 6
ghsa_unreviewed·2022-05-02·CVSS 5.0
CVE-2009-2954 [MEDIUM] CWE-20 GHSA-h7qr-2r4v-9236: Microsoft Internet Explorer 6
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
GHSA
GHSA-7mf2-2xwm-399x: Google Chrome 1
ghsa_unreviewed·2022-05-02·CVSS 5.0
CVE-2009-2955 [MEDIUM] CWE-20 GHSA-7mf2-2xwm-399x: Google Chrome 1
Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
Red Hat
firefox: CPU consumption via malicious javascript
vendor_redhat·2009-08-21·CVSS 5.0
CVE-2009-2953 [MEDIUM] firefox: CPU consumption via malicious javascript
Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
Red Hat
CVE-2008-5715: Mozilla Firefox 3
vendor_redhat·CVSS 5.0
CVE-2008-5715 [MEDIUM] CVE-2008-5715: Mozilla Firefox 3
Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash). NOTE: it was later reported that earlier versions are also affected, and that the impact is CPU consumption and application hang in unspecified circumstances perhaps involving other platforms.
Statement: Red Hat does not consider a crash of a client application such as Firefox to be a security issue.
Suricata
ET WEB_SPECIFIC_APPS DesktopOnNet frontpage.php app_path Parameter Remote File Inclusion
suricata·2010-07-30
CVE-2008-2649 ET WEB_SPECIFIC_APPS DesktopOnNet frontpage.php app_path Parameter Remote File Inclusion
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS DesktopOnNet frontpage.php app_path Parameter Remote File Inclusion"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/frontpage.php?"; nocase; content:"app_path="; nocase; pcre:"/app_path=\s*(https?|ftps?|php)\:\//i"; reference:cve,2008-2649; reference:url,xforce.iss.net/xforce/xfdb/42790; reference:url,milw0rm.com/exploits/5715; classtype:web-application-attack; sid:2009318; rev:8; metadata:created_at 2010_07_30, cve CVE_2008_2649, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_06, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_te
Suricata
ET WEB_SPECIFIC_APPS DesktopOnNet don3_requiem.php app_path Parameter Remote File Inclusion
suricata·2010-07-30
CVE-2008-2649 ET WEB_SPECIFIC_APPS DesktopOnNet don3_requiem.php app_path Parameter Remote File Inclusion
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS DesktopOnNet don3_requiem.php app_path Parameter Remote File Inclusion"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/don3_requiem.php?"; nocase; content:"app_path="; nocase; pcre:"/app_path=\s*(https?|ftps?|php)\:\//i"; reference:cve,2008-2649; reference:url,xforce.iss.net/xforce/xfdb/42790; reference:url,milw0rm.com/exploits/5715; classtype:web-application-attack; sid:2009317; rev:8; metadata:created_at 2010_07_30, cve CVE_2008_2649, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_06, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access,
http://osvdb.org/51032
http://securityreason.com/securityalert/4807
http://websecurity.com.ua/3424/
http://www.securityfocus.com/archive/1/506006/100/0/threaded
http://www.securityfocus.com/bid/32988
https://exchange.xforce.ibmcloud.com/vulnerabilities/47572
https://www.exploit-db.com/exploits/7554