CVE-2010-1987: Mozilla Firefox vulnerability

5 documents, 5 sources
Severity
5.0 MEDIUM (NVD)
EPSS
1.0%
top 22.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 20
Latest update: May 14

Description

Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring operations, related to the DoubleWideCharMappedString class in USP10.dll and the gfxWindowsFontGroup::GetUnderlineOffset function in xul.dll, a different vulnerability than CVE-2009-1571.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages: 1 package

NVD: mozilla/firefox 3.6.3

🔴 Vulnerability Details

1
GHSA
GHSA-9gqx-f57m-x5j2: Mozilla Firefox 3 (2022-05-14)

💥 Exploits & PoCs

1
Exploit-DB
Press Release Script - 'page.php?id' SQL Injection (2010-05-14)

📋 Vendor Advisories

1
Red Hat
php: iconv_mime_decode_headers skips headers using unsupported encoding (2010-09-28)

💬 Community

1
Bugzilla
CVE-2010-4699 php: iconv_mime_decode_headers skips headers using unsupported encoding (2011-01-19)