CVE-2010-0160 — Out-of-bounds Write in Mozilla Firefox

CWE-3997 documents6 sources

Severity

10.0CRITICALNVD

EPSS

5.2%

top 10.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedFeb 22

Latest updateMay 2

Description

The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDmozilla/firefox3.0.17+25

▶NVDmozilla/seamonkey2.0.2+30

Patches

Patch: www.vupen.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-jpcj-8f59-9q4h: The Web Worker functionality in Mozilla Firefox 3↗2022-05-02

▶

CVEList

CVE-2010-0160: The Web Worker functionality in Mozilla Firefox 3↗2010-02-21

▶

📋Vendor Advisories

Red Hat

Mozilla implementation of Web Workers can lead to crash with evidence of memory corruption (MFSA 2010-02)↗2010-02-17

▶

Ubuntu

Firefox 3.0 and Xulrunner 1.9 vulnerabilities↗2010-02-17

▶

Ubuntu

Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities↗2010-02-17

▶

💬Community

Bugzilla

CVE-2010-0160 Mozilla implementation of Web Workers can lead to crash with evidence of memory corruption (MFSA 2010-02)↗2010-02-17

▶