CVE-2009-2470 — Improper Input Validation in Mozilla Firefox

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

2.7%

top 14.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedAug 4

Latest updateMay 2

Description

Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox3.5.1+93

Patches

Patch: www.mozilla.org ↗Patch: www.securityfocus.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-gwmw-74gj-55qx: Mozilla Firefox before 3↗2022-05-02

▶

📋Vendor Advisories

Red Hat

Mozilla data corruption with SOCKS5 reply↗2009-07-21

▶

💬Community

Bugzilla

CVE-2009-2470 Mozilla data corruption with SOCKS5 reply↗2009-07-16

▶