CVE-2009-1828
published 2009-05-29
CVE-2009-1828: Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in…
Priority P4 · 26 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 8.78% (94.5th percentile)
Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript onLoad event handler for a BODY element. NOTE: it was later reported that earlier versions are also affected.
Affected
90 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| google | chrome | <= 1.0.154.48 | — |
| google | chrome | — | — |
| google | chrome | — | — |
| google | chrome | — | — |
| google | chrome | — | — |
| google | chrome | — | — |
| google | chrome | — | — |
| google | chrome | — | — |
| google | chrome | — | — |
| google | chrome | — | — |
| google | chrome | — | — |
| google | chrome | — | — |
| google | chrome | — | — |
| google | chrome | — | — |
| google | chrome | — | — |
| google | chrome | — | — |
| google | chrome | — | — |
| microsoft | internet_explorer | 6.0 – 6.00.2900.2180 | — |
| microsoft | internet_explorer | 7.0 – 7.0.6000.16711 | — |
| mozilla | firefox | — | — |
| opera | opera_browser | <= 9.52 | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
GHSA
GHSA-h2jh-pqwh-qf23: Google Chrome 1
ghsa_unreviewed·2022-05-02·CVSS 5.0
CVE-2009-3268 [MEDIUM] GHSA-h2jh-pqwh-qf23: Google Chrome 1
Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.
GHSA
GHSA-7q7f-994w-22j8: Microsoft Internet Explorer 6 through 6
ghsa_unreviewed·2022-05-02·CVSS 5.0
CVE-2009-3267 [MEDIUM] CWE-400 GHSA-7q7f-994w-22j8: Microsoft Internet Explorer 6 through 6
Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.
GHSA
GHSA-6r2f-63wm-774p: Opera 9
ghsa_unreviewed·2022-05-02·CVSS 5.0
CVE-2009-3269 [MEDIUM] GHSA-6r2f-63wm-774p: Opera 9
Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828.
GHSA
GHSA-m8gp-2hwh-pvjg: Mozilla Firefox 3
ghsa_unreviewed·2022-05-02
CVE-2009-1828 [MEDIUM] GHSA-m8gp-2hwh-pvjg: Mozilla Firefox 3
Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript onLoad event handler for a BODY element. NOTE: it was later reported that earlier versions are also affected.
No detection rules found.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0247.html
http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0263.html
http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html
http://websecurity.com.ua/3194/
http://www.securityfocus.com/archive/1/503876/100/0/threaded
http://www.securityfocus.com/archive/1/506328/100/100/threaded
http://www.securityfocus.com/bid/35132
https://bugzilla.mozilla.org/show_bug.cgi?id=469565
https://exchange.xforce.ibmcloud.com/vulnerabilities/50838
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5928
https://www.exploit-db.com/exploits/8822
Published: 2009-05-29