CVE-2010-1212Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents5 sources
Severity
9.3CRITICALNVD
EPSS
2.0%
top 16.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Thunderbird
Timeline
PublishedJul 30
Latest updateMay 2

Description

js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) propagation of deep aborts in the TraceRecorder::record_JSOP_BINDNAME function, (2) depth handling in the TraceRecorder::record_JSOP_GETELEM function, and (3) tracing of out-of-range arguments in the TraceRecorder::record_JSOP_A

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmozilla/firefox5 versions+4

🔴Vulnerability Details

1
GHSA
GHSA-wf8r-j8q5-35hw: js/src/jstracer2022-05-02

📋Vendor Advisories

6
Ubuntu
Thunderbird vulnerabilities2010-07-26
Ubuntu
Firefox and Xulrunner vulnerability2010-07-26
Ubuntu
Firefox and Xulrunner vulnerabilities2010-07-23
Ubuntu
ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update2010-07-23
Ubuntu
Firefox and Xulrunner vulnerabilities2010-07-23

💬Community

1
Bugzilla
CVE-2010-1212 Mozilla miscellaneous memory safety hazards2010-07-16