Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2009 Greenbone AGOPENVAS:1361412562310800857
HistoryAug 07, 2009 - 12:00 a.m.

Mozilla Firefox SOCKS5 Proxy Server DoS Vulnerability (Aug 2009) - Windows

2009-08-0700:00:00
Copyright (C) 2009 Greenbone AG
plugins.openvas.org
19

6.4 Medium

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

88.8%

JSON

Mozilla Firefox is prone to a denial of service (DoS) vulnerability.

# SPDX-FileCopyrightText: 2009 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.800857");
  script_version("2024-02-16T05:06:55+0000");
  script_tag(name:"last_modification", value:"2024-02-16 05:06:55 +0000 (Fri, 16 Feb 2024)");
  script_tag(name:"creation_date", value:"2009-08-07 07:29:21 +0200 (Fri, 07 Aug 2009)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_cve_id("CVE-2009-2470");
  script_name("Mozilla Firefox SOCKS5 Proxy Server DoS Vulnerability (Aug 2009) - Windows");
  script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=459524");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/35925");
  script_xref(name:"URL", value:"http://www.mozilla.org/security/announce/2009/mfsa2009-38.html");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone AG");
  script_family("Denial of Service");
  script_dependencies("gb_firefox_detect_portable_win.nasl");
  script_mandatory_keys("Firefox/Win/Ver");

  script_tag(name:"impact", value:"Successful exploitation will let attacker to cause Denial of Service condition
  in an affected proxy server.");

  script_tag(name:"affected", value:"Firefox version before 3.0.12 or 3.5 before 3.5.2 on Windows.");

  script_tag(name:"insight", value:"Error exists when application fails to handle long domain name in a response
  which leads remote 'SOCKS5' proxy servers into data stream corruption.");

  script_tag(name:"solution", value:"Upgrade to Firefox version 3.0.12/3.5.2.");

  script_tag(name:"summary", value:"Mozilla Firefox is prone to a denial of service (DoS) vulnerability.");

  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("version_func.inc");

ffVer = get_kb_item("Firefox/Win/Ver");
if(!ffVer){
  exit(0);
}

if(version_is_less(version:ffVer, test_version:"3.0.12")||
   version_in_range(version:ffVer, test_version:"3.5", test_version2:"3.5.1")) {
  security_message( port: 0, data: "The target host was found to be vulnerable" );
}

Related

openvas 18
securityvulns 2
mozilla 1
ubuntucve 1
cve 1
veracode 1
prion 1
cvelist 1
nessus 24
freebsd 1
centos 4
oraclelinux 3
redhat 4
gentoo 1
openvas
openvas
Mozilla Firefox SOCKS5 Proxy Server DoS Vulnerability Aug-09 (Windows)
2009-08-07 00:00:00
Mozilla Firefox SOCKS5 Proxy Server DoS Vulnerability Aug-09 (Linux)
2009-08-07 00:00:00
Mozilla Firefox SOCKS5 Proxy Server DoS Vulnerability (Aug 2009) - Linux
2009-08-07 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2009-38
2009-08-07 00:00:00
Mozilla Firefox, Thunderbird, SeaMonkey, NSS multiple security vulnerabilities
2009-08-07 00:00:00
mozilla
mozilla
Data corruption with SOCKS5 reply containing DNS name longer than 15 characters — Mozilla
2009-07-21 00:00:00
ubuntucve
ubuntucve
CVE-2009-2470
2009-08-04 00:00:00
cve
cve
CVE-2009-2470
2009-08-04 16:30:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:36:34
prion
prion
Design/Logic Flaw
2009-08-04 16:30:00
cvelist
cvelist
CVE-2009-2470
2009-08-04 16:13:00
nessus
nessus
Mozilla Firefox < 3.5.2/3.0.12 Multiple Vulnerabilities
2009-08-04 00:00:00
Mozilla Firefox < 3.5.2/3.0.12 Multiple Vulnerabilities
2009-08-04 00:00:00
Oracle Linux 3 / 4 : seamonkey (ELSA-2009-1163)
2013-07-12 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2009-08-03 00:00:00
centos
centos
seamonkey security update
2009-07-22 22:37:56
firefox, xulrunner security update
2009-07-28 12:22:37
thunderbird security update
2010-03-17 18:24:23
oraclelinux
oraclelinux
seamonkey security update
2009-07-22 00:00:00
firefox security update
2009-07-22 00:00:00
thunderbird security update
2010-03-17 00:00:00
redhat
redhat
(RHSA-2009:1163) Critical: seamonkey security update
2009-07-21 00:00:00
(RHSA-2009:1162) Critical: firefox security update
2009-07-21 00:00:00
(RHSA-2010:0154) Moderate: thunderbird security update
2010-03-17 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00

6.4 Medium

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

88.8%

JSON
Related for OPENVAS:1361412562310800857
openvas18securityvulns2mozilla1ubuntucve1cve1veracode1prion1cvelist1nessus24freebsd1centos4oraclelinux3redhat4gentoo1