CVE-2009-2953
published 2009-08-24CVE-2009-2953: Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string…
PriorityP423medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
4.63%
90.5th percentile
Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7wrp-3pc5-gg9v: Mozilla Firefox 3
ghsa_unreviewed·2022-05-02·CVSS 5.0
CVE-2009-2953 [MEDIUM] GHSA-7wrp-3pc5-gg9v: Mozilla Firefox 3
Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
Red Hat
firefox: CPU consumption via malicious javascript
vendor_redhat·2009-08-21·CVSS 5.0
CVE-2009-2953 [MEDIUM] firefox: CPU consumption via malicious javascript
firefox: CPU consumption via malicious javascript
Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
No detection rules found.
2009-08-24
Published