CVE-2010-1990Mozilla Firefox vulnerability

CWE-3994 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.5%
top 32.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedMay 20
Latest updateMay 14

Description

Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmozilla/firefox3.0.19+28

🔴Vulnerability Details

1
GHSA
GHSA-3jwm-23jh-8fh8: Mozilla Firefox 32022-05-14

📋Vendor Advisories

1
Red Hat
firefox/seamonkey: mail application launch when IFRAME element has a mailto: URI in its SRC attribute2010-05-18

💬Community

1
Bugzilla
CVE-2010-1990 firefox/seamonkey: mail application launch when IFRAME element has a mailto: URI in its SRC attribute2010-06-09