Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0167Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Seamonkey

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources
Severity
9.3CRITICALNVD
EPSS
22.9%
top 4.10%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Mozilla SeamonkeyMozilla ThunderbirdMozilla Firefox
Timeline
PublishedMar 25
Latest updateMay 2

Description

The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

NVDmozilla/seamonkey2.0.2+22
NVDmozilla/thunderbird3.0.1+31
NVDmozilla/firefox19 versions+18

Patches

Patch: www.mozilla.orgPatch: www.mozilla.org

🔴Vulnerability Details

2
GHSA
GHSA-pfj8-2727-hwr9: The browser engine in Mozilla Firefox 32022-05-02
CVEList
CVE-2010-0167: The browser engine in Mozilla Firefox 32010-03-25

💥Exploits & PoCs

2
Exploit-DB
RealVNC 3.3.7 - Client Buffer Overflow (Metasploit)2010-04-30
Exploit-DB
Mozilla Firefox/Thunderbird/SeaMonkey - Multiple Memory Corruption Vulnerabilities2010-03-24

📋Vendor Advisories

1
Red Hat
firefox/thunderbird/seamonkey: crashes with evidence of memory corruption (MFSA 2010-11)2010-03-23

💬Community

1
Bugzilla
CVE-2010-0167 firefox/thunderbird/seamonkey: crashes with evidence of memory corruption (MFSA 2010-11)2010-03-24
CVE-2010-0167 — Mozilla Seamonkey vulnerability | cvebase