vendor:
Firefox
by:
Tejas Ajay Naik
7.5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: Firefox
Affected Version From: 67.0.4
Affected Version To: 67.0.4
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: Linux x86, Windows x64 1803
2019
DOMParser Denial of Service on Firefox 67.0.4
Passing a huge string as an argument to DOMParser.parseFromString will crash the tab in Firefox version 67.0.4.
Mitigation:
Upgrade to the latest version of Firefox
