CVE-2010-0220Mozilla Firefox vulnerability

CWE-3995 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
0.9%
top 23.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedJan 7
Latest updateMay 2

Description

The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmozilla/firefox3.5.6+67

Patches

Patch: isc.sans.orgPatch: www.mozilla.comPatch: isc.sans.org

🔴Vulnerability Details

1
GHSA
GHSA-35p6-jmhj-fg2v: The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList2022-05-02

💥Exploits & PoCs

1
Exploit-DB
Kerio Personal Firewall 2.1.4 - Authentication Packet Overflow (Metasploit)2010-06-15

📋Vendor Advisories

1
Red Hat
: Firefox DoS (crash) via crafted web site that triggers memory consumption2009-07-29

💬Community

1
Bugzilla
CVE-2010-0220: Firefox DoS (crash) via crafted web site that triggers memory consumption2010-04-02