Unrated severityNVD Advisory· Published Aug 27, 2009· Updated Jun 16, 2026
CVE-2009-2975
CVE-2009-2975
Description
Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows remote attackers to cause a denial of service (memory consumption) via vectors involving a series of function calls that set this property, as demonstrated by (1) the chromehtml: protocol and (2) the aim: protocol.
Affected products
2cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
- (no CPE)range: = 3.5.2
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.