CVE-2010-2117 — Infinite Loop in Mozilla Firefox

CWE-3994 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 35.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedJun 1

Latest updateMay 14

Description

Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox11 versions+10

🔴Vulnerability Details

GHSA

GHSA-224m-8wrv-4v8r: Mozilla Firefox 3↗2022-05-14

▶

📋Vendor Advisories

Red Hat

Firefox: DoS (resource consumption) via JavaScript source with loop of invalid (1) news:// or (2) nntp:// URIs↗2010-05-27

▶

💬Community

Bugzilla

CVE-2010-2117 Firefox: DoS (resource consumption) via JavaScript source with loop of invalid (1) news:// or (2) nntp:// URIs↗2010-06-02

▶