Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0821 — Uncontrolled Resource Consumption in Mozilla Firefox

CWE-399 CWE-400 — Uncontrolled Resource Consumption13 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

5.5%

top 9.79%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Google Chrome Microsoft Internet Explorer Mozilla Firefox +1 more

Timeline

PublishedMar 5

Latest updateMay 14

Description

Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the onclick attribute of an INPUT element.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDmozilla/firefox2.0.0.20+79

▶NVDgoogle/chrome0.2.149.29+1

▶NVDopera/opera_browser9.52+54

▶NVDmicrosoft/internet_explorer7.0 — 7.0.6000.16711

🔴Vulnerability Details

GHSA

GHSA-xxww-hv47-2ppx: Google Chrome 0↗2022-05-14

▶

GHSA

GHSA-526x-4gfg-f5vp: Opera 9↗2022-05-14

▶

GHSA

GHSA-jfpp-cqw2-38m3: Mozilla Firefox 3↗2022-05-14

▶

GHSA

GHSA-v973-q8fj-656q: Mozilla Firefox 2↗2022-05-02

▶

GHSA

GHSA-73pf-mvfq-rghp: Microsoft Internet Explorer 7 through 7↗2022-05-02

▶

💥Exploits & PoCs

Exploit-DB

Mozilla Firefox 2.0.x - Nested 'window.print()' Denial of Service↗2009-03-03

▶

📋Vendor Advisories

Red Hat

Firefox: DoS (hang) via "printing DoS attack"↗2008-09-19

▶

💬Community

Bugzilla

CVE-2008-7244 Firefox: DoS (hang) via "printing DoS attack"↗2009-09-21

▶