CVE-2009-2975 Information

Description

Mozilla Firefox 3.5.2 on Windows XP in some situations possibly involving an incompletely configured protocol handler does not properly implement setting the document.location property to a value specifying a protocol associated with an external application which allows remote attackers to cause a denial of service (memory consumption) via vectors involving a series of function calls that set this property as demonstrated by (1) the chromehtml: protocol and (2) the aim: protocol.

Reference

http://archives.neohapsis.com/archives/bugtraq/2009-08/0234.html http://archives.neohapsis.com/archives/bugtraq/2009-08/0236.html http://archives.neohapsis.com/archives/bugtraq/2009-08/0246.html https://exchange.xforce.ibmcloud.com/vulnerabilities/52923