Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-5715: Improper Input Validation in Mozilla Firefox

Severity
5.0 MEDIUM (NVD)
EPSS
8.5%
top 7.61%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Dec 24
Latest update: May 14

Description

Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash). NOTE: it was later reported that earlier versions are also affected, and that the impact is CPU consumption and application hang in unspecified circumstances perhaps involving other platforms.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages: 3 packages

NVD | mozilla/firefox | 14 versions | +13
NVD | google/chrome | 1.0.154.48 | +16
NVD | microsoft/internet_explorer | 6.0.2900.2180 | +61

🔴 Vulnerability Details

4
GHSA
GHSA-4483-hx63-9239: Mozilla Firefox 3 | 2022-05-14
GHSA
GHSA-7wrp-3pc5-gg9v: Mozilla Firefox 3 | 2022-05-02
GHSA
GHSA-h7qr-2r4v-9236: Microsoft Internet Explorer 6 | 2022-05-02
GHSA
GHSA-7mf2-2xwm-399x: Google Chrome 1 | 2022-05-02

💥 Exploits & PoCs

1
Exploit-DB
Mozilla Firefox 3.0.5 - location.hash Remote Crash | 2008-12-23

📋 Vendor Advisories

2
Red Hat
firefox: CPU consumption via malicious javascript | 2009-08-21
Red Hat
CVE-2008-5715: Mozilla Firefox 3

💬 Community

1
Bugzilla
CVE-2009-2953 firefox: CPU consumption via malicious javascript | 2009-08-24