Description: Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
Debian Bugs: 340282, 340283, 345469

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| firefox (PTS) | sid | 111.0.1-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| firefox | source | (unstable) | 1.5.dfsg-1 | unimportant | | 340283, 345469 |
| mozilla-firefox | source | (unstable) | 1.4.99+1.5rc3.dfsg-2 | unimportant | | 340283, 345469 |


Maintainers don't believe it is a security bug and can't reproduce after 1.5.dfsg-1.
