Test ID:	1.3.6.1.4.1.25623.1.0.900831
Category:	Denial of Service
Title:	Mozilla Firefox 'document.location' Denial Of Service Vulnerability
Summary:	Firefox browser on Windows XP is prone to a denial of service (DoS) vulnerability.
Description:	Summary: Firefox browser on Windows XP is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The flaw is due to an incompletely configured protocol handler that does not properly implement setting of the 'document.location' property to a value specifying a protocol associated with an external application, which can be caused via vectors involving a series of function calls that set this property, as demonstrated by the 'chromehtml:' and 'aim:' protocols. Vulnerability Impact: Successful exploitation will allow attackers to cause excessive memory consumption in the affected application and results in Denial of Service condition. Affected Software/OS: Mozilla Firefox version 3.5.2 on Windows XP. Solution: Upgrade to Mozilla Firefox version 3.6.3 or later CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2975 Bugtraq: 20090825 RE: DoS vulnerability in Google Chrome (Google Search) http://archives.neohapsis.com/archives/bugtraq/2009-08/0234.html Bugtraq: 20090825 Re: DoS vulnerability in Google Chrome (Google Search) http://archives.neohapsis.com/archives/bugtraq/2009-08/0236.html http://archives.neohapsis.com/archives/bugtraq/2009-08/0246.html XForce ISS Database: firefox-doclocation-dos(52923) https://exchange.xforce.ibmcloud.com/vulnerabilities/52923
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.