CVE-2008-5715
Mozilla Firefox 3.0.5 - location.hash Remote Crash
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash). NOTE: it was later reported that earlier versions are also affected, and that the impact is CPU consumption and application hang in unspecified circumstances perhaps involving other platforms.
Firefox 3.0.5 de Mozilla en Windows Vista permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) mediante código JavaScript con un valor de cadena largo para la propiedad hash (también conocido como location.hash).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-12-24 CVE Reserved
- 2008-12-24 CVE Published
- 2024-04-22 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/51032 | Vdb Entry | |
| http://securityreason.com/securityalert/4807 | Third Party Advisory | |
| http://websecurity.com.ua/3424 | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/506006/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/32988 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/47572 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/7554 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.0.5 Search vendor "Mozilla" for product "Firefox" and version "3.0.5" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | gold |
Safe
|