Bug#557753: xulrunner: CVE-2009-2953 denial-of-service
Michael Gilbert
michael.s.gilbert at gmail.com
Tue Nov 24 04:58:34 UTC 2009
Package: xulrunner
Version: 1.9.1.5-1
Severity: important
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xulrunner.
CVE-2009-2953[0]:
| Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote
| attackers to cause a denial of service (CPU consumption) via
| JavaScript code with a long string value for the hash property (aka
| location.hash), a related issue to CVE-2008-5715.
I've tested other xulrunner-derived browsers such as galeon and this
proof-of-concept there as well (causes a crash).
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2953
http://security-tracker.debian.org/tracker/CVE-2009-2953
More information about the pkg-mozilla-maintainers
mailing list