Bug#557753: xulrunner: CVE-2009-2953 denial-of-service
Alexander Sack
asac at debian.org
Tue Nov 24 11:30:09 UTC 2009
On Mon, Nov 23, 2009 at 11:58:34PM -0500, Michael Gilbert wrote:
> Package: xulrunner
> Version: 1.9.1.5-1
> Severity: important
> Tags: security
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for xulrunner.
>
> CVE-2009-2953[0]:
> | Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote
> | attackers to cause a denial of service (CPU consumption) via
> | JavaScript code with a long string value for the hash property (aka
> | location.hash), a related issue to CVE-2008-5715.
>
Mozilla does not consider normal DoS bugs a security issue.
It happens that CVEs got filed by someone in the past, but unless they
show memory corruption they are useless ...
is this advisory something confirmed/released by mozilla?
- Alexander
More information about the pkg-mozilla-maintainers
mailing list