Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1828: Uncontrolled Resource Consumption in Mozilla Firefox

Severity: 5.0 MEDIUM (NVD)
EPSS: 16.9% (top 5.03%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published May 29; latest update May 2

Description

Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript onLoad event handler for a BODY element. NOTE: it was later reported that earlier versions are also affected.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (4 packages)

NVD | mozilla/firefox | 3.0.10
NVD | google/chrome | 1.0.154.48 | +16
NVD | opera/opera_browser | 9.52 | +69
NVD | microsoft/internet_explorer | 6.06.00.2900.2180 | +1

🔴 Vulnerability Details (4)

GHSA | GHSA-h2jh-pqwh-qf23: Google Chrome 1 | 2022-05-02
GHSA | GHSA-7q7f-994w-22j8: Microsoft Internet Explorer 6 through 6 | 2022-05-02
GHSA | GHSA-6r2f-63wm-774p: Opera 9 | 2022-05-02
GHSA | GHSA-m8gp-2hwh-pvjg: Mozilla Firefox 3 | 2022-05-02

💥 Exploits & PoCs (1)

Exploit-DB | Mozilla Firefox 3.0.10 - 'KEYGEN' Remote Denial of Service | 2009-05-29