CVE-2007-2162

Publication date 22 April 2007

Last updated 24 July 2024

Ubuntu priority

Description

(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
firefox	8.10 intrepid	Not in release
	8.04 LTS hardy	Ignored
	7.10 gutsy	Ignored
	7.04 feisty	Ignored end of life, was needed
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Ignored

How can I get the fixes?
What do statuses mean?

Notes

kees

browser denial-of-service

jdstrand

ignoring-- we don't consider browser DoS as security vulnerability, and upstream is not acting on it

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2007-2162