CVE-2010-1203 — Cross-site Scripting in Mozilla Firefox

CWE-79 — Cross-site Scripting14 documents5 sources

Severity

9.3CRITICALNVD

EPSS

5.2%

top 10.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedJun 24

Latest updateMay 2

Description

The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmozilla/firefox3.6, 3.6.2, 3.6.3+2

🔴Vulnerability Details

GHSA

GHSA-vrcw-32cf-52wm: The JavaScript engine in Mozilla Firefox 3↗2022-05-02

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner vulnerability↗2010-07-26

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-07-23

▶

Ubuntu

ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update↗2010-07-23

▶

Ubuntu

Thunderbird vulnerabilities↗2010-07-06

▶

Ubuntu

Firefox regression↗2010-06-30

▶

💬Community

Bugzilla

CVE-2010-1644 cacti: XSS issues in host.php and data_sources.php (VUPEN/ADV-2010-1203)↗2010-06-29

▶

Bugzilla

CVE-2010-1644 CVE-2010-1645 CVE-2010-2092 Cacti v0.8.7f - three security fixes↗2010-05-24

▶

Bugzilla

CVE-2010-1203 Mozilla Crashes with evidence of memory corruption↗2010-05-10

▶