CVE-2009-2953

Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
mozillafirefox
3.0.6
mozillafirefox
3.0.7
mozillafirefox
3.0.8
mozillafirefox
3.0.9
mozillafirefox
3.0.10
mozillafirefox
3.0.11
mozillafirefox
3.0.12
mozillafirefox
3.0.13
mozillafirefox
3.5
mozillafirefox
3.5.1
mozillafirefox
3.5.2
mozillafirefox
3.5.3
mozillafirefox
3.5.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
dapper
not-affected
hardy
not-affected
intrepid
dne
jaunty
dne
karmic
dne
xulrunner-1.9
dapper
dne
hardy
ignored
intrepid
ignored
jaunty
ignored
karmic
dne
xulrunner-1.9.1
dapper
dne
hardy
dne
intrepid
dne
jaunty
ignored
karmic
ignored
Common Weakness Enumeration
References
http://websecurity.com.ua/3424/
http://www.securityfocus.com/archive/1/506006/100/0/threaded
http://websecurity.com.ua/3424/
http://www.securityfocus.com/archive/1/506006/100/0/threaded