
Test ID: 1.3.6.1.4.1.25623.1.0.800625
Category: Denial of Service
Title: Mozilla Firefox 'keygen' HTML Tag DOS Vulnerability - Linux
Summary: Mozilla Firefox is prone to a denial of service (DoS) vulnerability.
Description:
Summary:
Mozilla Firefox is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
The flaws are due to:

- An error in handling a KEYGEN element in conjunction with a META element
specifying automatic page refresh or a JavaScript onLoad event handler
for a BODY element.

- An error when a large value is passed in the r (aka Radius) attribute
of a circle element, related to an 'unclamped loop'.

Vulnerability Impact:
Successful exploitation lets attackers cause the browser to stop responding
(infinite loop, application hang, and memory consumption), denying service
to legitimate users.

Affected Software/OS:
Mozilla Firefox versions 3.0.4 and 3.0.10.

Solution:
No known solution was made available for at least one year since the disclosure
of this vulnerability. Likely none will be provided anymore. General solution
options are to upgrade to a newer release, disable respective features, remove
the product or replace the product by another one.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2009-1828
BugTraq ID: 35132
http://www.securityfocus.com/bid/35132
Bugtraq: 20090528 [TZO-27-2009] Firefox Denial of Service (Keygen)
http://www.securityfocus.com/archive/1/503876/100/0/threaded
Bugtraq: 20090908 Re: DoS vulnerability in Google Chrome
http://www.securityfocus.com/archive/1/506328/100/100/threaded
https://www.exploit-db.com/exploits/8822
http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0247.html
http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0263.html
http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html
http://websecurity.com.ua/3194/
https://bugzilla.mozilla.org/show_bug.cgi?id=469565
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5928
XForce ISS Database: firefox-keygen-dos(50838)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50838
Common Vulnerability Exposure (CVE) ID: CVE-2009-1827
Bugtraq: 20090526 [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
http://www.securityfocus.com/archive/1/503825/100/0/threaded
Bugtraq: 20090527 Re: [Full-disclosure] [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
http://archives.neohapsis.com/archives/bugtraq/2009-05/0270.html
Bugtraq: 20090527 Re[2]: Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
http://archives.neohapsis.com/archives/bugtraq/2009-05/0271.html
Bugtraq: 20090527 Re[2]: [Full-disclosure] [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
http://archives.neohapsis.com/archives/bugtraq/2009-05/0272.html
https://www.exploit-db.com/exploits/8794
http://blog.zoller.lu/2009/04/advisory-firefox-dos-condition.html
https://bugzilla.mozilla.org/show_bug.cgi?id=393832
XForce ISS Database: firefox-loop-dos(50721)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50721
Copyright: Copyright (C) 2009 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.