CVE-2010-0181 — Improper Input Validation in Mozilla Firefox

CWE-20 — Improper Input Validation9 documents5 sources

Severity

5.0MEDIUMNVD

NVD4.3CNA4.3

EPSS

2.6%

top 14.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Opera Browser

Timeline

PublishedApr 5

Latest updateMay 14

Description

Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDmozilla/firefox3.5.7+93

▶NVDmozilla/seamonkey2.0.3+34

▶NVDopera/opera_browser9.52

🔴Vulnerability Details

GHSA

GHSA-q66x-vm73-35xj: Opera 9↗2022-05-14

▶

GHSA

GHSA-545x-w2c3-gjv5: Mozilla Firefox before 3↗2022-05-02

▶

CVEList

CVE-2010-1989: Opera 9↗2010-05-20

▶

CVEList

CVE-2010-0181: Mozilla Firefox before 3↗2010-04-05

▶

📋Vendor Advisories

Ubuntu

Firefox 3.5 and Xulrunner vulnerabilities↗2010-04-09

▶

💬Community

Bugzilla

CVE-2010-4643 OpenOffice.org: heap based buffer overflow when parsing TGA files↗2011-01-06

▶

Bugzilla

CVE-2008-3279 brltty: insecure relative RPATH↗2008-08-05

▶