The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to cause a denial of service (application hang) via a large value in the r (aka Radius) attribute of a circle element, related to an unclamped loop.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | 3.0.4 (including) | 3.0.4 (including) |
| Firefox | Ubuntu | dapper | * |
| Firefox | Ubuntu | hardy | * |
| Xulrunner-1.9 | Ubuntu | hardy | * |
| Xulrunner-1.9 | Ubuntu | intrepid | * |
| Xulrunner-1.9 | Ubuntu | jaunty | * |
| Xulrunner-1.9.1 | Ubuntu | jaunty | * |
| Xulrunner-1.9.1 | Ubuntu | karmic | * |
| Xulrunner-1.9.1 | Ubuntu | upstream | * |
| Xulrunner-1.9.2 | Ubuntu | devel | * |
| Xulrunner-1.9.2 | Ubuntu | hardy | * |
| Xulrunner-1.9.2 | Ubuntu | jaunty | * |
| Xulrunner-1.9.2 | Ubuntu | karmic | * |
| Xulrunner-1.9.2 | Ubuntu | lucid | * |
| Xulrunner-1.9.2 | Ubuntu | upstream | * |
References
- http://archives.neohapsis.com/archives/bugtraq/2009-05/0270.html
- http://archives.neohapsis.com/archives/bugtraq/2009-05/0271.html
- http://archives.neohapsis.com/archives/bugtraq/2009-05/0272.html
- http://blog.zoller.lu/2009/04/advisory-firefox-dos-condition.html
- http://www.securityfocus.com/archive/1/503825/100/0/threaded
- https://bugzilla.mozilla.org/show_bug.cgi?id=393832
- https://bugzilla.mozilla.org/show_bug.cgi?id=465615
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50721
- https://www.exploit-db.com/exploits/8794
- http://archives.neohapsis.com/archives/bugtraq/2009-05/0270.html
- http://archives.neohapsis.com/archives/bugtraq/2009-05/0271.html
- http://archives.neohapsis.com/archives/bugtraq/2009-05/0272.html
- http://blog.zoller.lu/2009/04/advisory-firefox-dos-condition.html
- http://www.securityfocus.com/archive/1/503825/100/0/threaded
- https://bugzilla.mozilla.org/show_bug.cgi?id=393832
- https://bugzilla.mozilla.org/show_bug.cgi?id=465615
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50721
- https://www.exploit-db.com/exploits/8794