CVE-2009-2975

{"id": "CVE-2009-2975", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-08-27T17:30:00.343", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2009-08/0234.html", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2009-08/0236.html", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2009-08/0246.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52923", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows remote attackers to cause a denial of service (memory consumption) via vectors involving a series of function calls that set this property, as demonstrated by (1) the chromehtml: protocol and (2) the aim: protocol."}, {"lang": "es", "value": "Mozilla Firefox v3.5.2 en Windows XP, en algunas situaciones posiblemente envuelvan una configuraci\u00f3n incompleta del manejador de protocolo, no implementa apropiadamente la configuraci\u00f3n de la propiedad document.location para un valor, especificando un protocolo asociado con una aplicaci\u00f3n externa, lo que permite a los atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de un vector que envuelve una serie de llamadas a funciones que establecen esta propiedad, como se demuestra por (1) el chromehtml: protocolo y (2) el aim: protocolo."}], "lastModified": "2017-08-17T01:30:59.553", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54186D4A-C6F0-44AD-94FB-73B4346ABB6B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}