CVE-2010-0164 — Out-of-bounds Write in Mozilla Firefox

CWE-3993 documents3 sources

Severity

9.3CRITICALNVD

EPSS

7.5%

top 8.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedMar 25

Latest updateMay 2

Description

Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace animation in which the frames have different bits-per-pixel (bpp) values.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmozilla/firefox3.6

🔴Vulnerability Details

GHSA

GHSA-2qmf-3w3w-mfq6: Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer↗2022-05-02

▶

📋Vendor Advisories

Red Hat

MySQL: mysqld DoS (assertion failure) by alternate reads from two indexes on a table using the HANDLER interface (MySQL bug #54007)↗2010-07-09

▶