Test ID:	1.3.6.1.4.1.25623.1.0.800625
Category:	Denial of Service
Title:	Mozilla Firefox 'keygen' HTML Tag DOS Vulnerability - Linux
Summary:	Mozilla Firefox is prone to a denial of service (DoS) vulnerability.
Description:	Summary: Mozilla Firefox is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: Flaws are due to: - Error exists via KEYGEN element in conjunction with a META element specifying automatic page refresh or a JavaScript onLoad event handler for a BODY element. - Error caused while passing a large value in the r (aka Radius) attribute of a circle element, related to an 'unclamped loop.'. Vulnerability Impact: Successful exploitation will let attackers to cause the browser to stop responding, infinite loop, application hang, and memory consumption, and can cause denying service to legitimate users. Affected Software/OS: Mozilla Firefox version 3.0.4 and 3.0.10. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1828 BugTraq ID: 35132 http://www.securityfocus.com/bid/35132 Bugtraq: 20090528 [TZO-27-2009] Firefox Denial of Service (Keygen) (Google Search) http://www.securityfocus.com/archive/1/503876/100/0/threaded Bugtraq: 20090908 Re: DoS vulnerability in Google Chrome (Google Search) http://www.securityfocus.com/archive/1/506328/100/100/threaded https://www.exploit-db.com/exploits/8822 http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0247.html http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0263.html http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html http://websecurity.com.ua/3194/ https://bugzilla.mozilla.org/show_bug.cgi?id=469565 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5928 XForce ISS Database: firefox-keygen-dos(50838) https://exchange.xforce.ibmcloud.com/vulnerabilities/50838 Common Vulnerability Exposure (CVE) ID: CVE-2009-1827 Bugtraq: 20090526 [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) (Google Search) http://www.securityfocus.com/archive/1/503825/100/0/threaded Bugtraq: 20090527 Re: [Full-disclosure] [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) (Google Search) http://archives.neohapsis.com/archives/bugtraq/2009-05/0270.html Bugtraq: 20090527 Re[2]: Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) (Google Search) http://archives.neohapsis.com/archives/bugtraq/2009-05/0271.html Bugtraq: 20090527 Re[2]: [Full-disclosure] [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) (Google Search) http://archives.neohapsis.com/archives/bugtraq/2009-05/0272.html https://www.exploit-db.com/exploits/8794 http://blog.zoller.lu/2009/04/advisory-firefox-dos-condition.html https://bugzilla.mozilla.org/show_bug.cgi?id=393832 XForce ISS Database: firefox-loop-dos(50721) https://exchange.xforce.ibmcloud.com/vulnerabilities/50721
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.