CVE-2009-3934 : The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/we

The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclient_impl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an "empty redirect chain," as demonstrated by a message in Yahoo! Mail.

Published 2009-11-12 17:54:59

Updated 2017-08-17 01:31:20

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2009-3934

Google » Chrome
Versions up to, including, (<=) 3.0.195.21
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.2.149.29
cpe:2.3:a:google:chrome:0.2.149.29:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.2.149.30
cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.36
cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.2.149.27
cpe:2.3:a:google:chrome:0.2.149.27:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 3.0.190.2
cpe:2.3:a:google:chrome:3.0.190.2:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.172.8
cpe:2.3:a:google:chrome:2.0.172.8:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.172.2
cpe:2.3:a:google:chrome:2.0.172.2:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.172.33
cpe:2.3:a:google:chrome:2.0.172.33:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.169.1
cpe:2.3:a:google:chrome:2.0.169.1:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.48
cpe:2.3:a:google:chrome:1.0.154.48:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.52
cpe:2.3:a:google:chrome:1.0.154.52:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.3.154.3
cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.2.153.1
cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.172.28
cpe:2.3:a:google:chrome:2.0.172.28:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.172.38
cpe:2.3:a:google:chrome:2.0.172.38:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.158.0
cpe:2.3:a:google:chrome:2.0.158.0:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.169.0
cpe:2.3:a:google:chrome:2.0.169.0:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.159.0
cpe:2.3:a:google:chrome:2.0.159.0:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.172.37
cpe:2.3:a:google:chrome:2.0.172.37:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.59
cpe:2.3:a:google:chrome:1.0.154.59:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 3.0.193.2 Update Beta
cpe:2.3:a:google:chrome:3.0.193.2:beta:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.172.27
cpe:2.3:a:google:chrome:2.0.172.27:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.156.1
cpe:2.3:a:google:chrome:2.0.156.1:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.172.31
cpe:2.3:a:google:chrome:2.0.172.31:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.172.30
cpe:2.3:a:google:chrome:2.0.172.30:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.39
cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.42
cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.65
cpe:2.3:a:google:chrome:1.0.154.65:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.2.152.1
cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.4.154.31
cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.4.154.22
cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.4.154.33
cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 3.0.182.2
cpe:2.3:a:google:chrome:3.0.182.2:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.157.0
cpe:2.3:a:google:chrome:2.0.157.0:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.157.2
cpe:2.3:a:google:chrome:2.0.157.2:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.172
cpe:2.3:a:google:chrome:2.0.172:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.170.0
cpe:2.3:a:google:chrome:2.0.170.0:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.53
cpe:2.3:a:google:chrome:1.0.154.53:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.46
cpe:2.3:a:google:chrome:1.0.154.46:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.43
cpe:2.3:a:google:chrome:1.0.154.43:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.4.154.18
cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.3.154.0
cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2009-3934

EPSS FAQ

1.43%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 79 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-3934

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

References for CVE-2009-3934

http://src.chromium.org/viewvc/chrome/branches/195/src/webkit/glue/webframeloaderclient_impl.cc?r1=30772&r2=30771
http://www.vupen.com/english/advisories/2011/0212

Webmail | OVH- OVH

CVEs referencing this url
http://src.chromium.org/viewvc/chrome?view=rev&revision=30772
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2011:002

CVEs referencing this url
http://code.google.com/p/chromium/issues/detail?id=22205
http://codereview.chromium.org/326015
https://exchange.xforce.ibmcloud.com/vulnerabilities/54296
http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2009-3934

Products affected by CVE-2009-3934

Exploit prediction scoring system (EPSS) score for CVE-2009-3934

CVSS scores for CVE-2009-3934

References for CVE-2009-3934