CVE-2010-0159 — Out-of-bounds Write in Mozilla Firefox

7 documents6 sources

Severity

10.0CRITICALNVD

EPSS

2.5%

top 14.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird +2 more

Timeline

PublishedFeb 22

Latest updateMay 2

Description

The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox3.0 — 3.0.18+1

▶NVDmozilla/seamonkey< 2.0.3

▶NVDmozilla/thunderbird< 3.0.2

Also affects: Debian Linux 5.0, Ubuntu Linux 8.04, 8.10, 9.04, 9.10

🔴Vulnerability Details

GHSA

GHSA-5xww-5f35-hfhp: The browser engine in Mozilla Firefox 3↗2022-05-02

▶

CVEList

CVE-2010-0159: The browser engine in Mozilla Firefox 3↗2010-02-21

▶

📋Vendor Advisories

Ubuntu

Firefox 3.0 and Xulrunner 1.9 vulnerabilities↗2010-02-17

▶

Ubuntu

Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities↗2010-02-17

▶

Red Hat

Mozilla crashes with evidence of memory corruption (MFSA 2010-01)↗2010-02-17

▶

💬Community

Bugzilla

CVE-2010-0159 Mozilla crashes with evidence of memory corruption (MFSA 2010-01)↗2010-02-17

▶