CVE-2009-2953
Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
Date published : 2009-08-24
http://www.securityfocus.com/archive/1/506006/100/0/threaded