CVE-2010-3183: Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

Severity: 9.3 CRITICAL (NVD)
EPSS: 7.0% (top 8.53%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 21; latest update May 17

Description

The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (3 packages)

NVD: mozilla/firefox 3.5.13 +91
NVD: mozilla/seamonkey 2.0.8 +41
NVD: mozilla/thunderbird 3.0.8 +71

🔴 Vulnerability Details (2)

GHSA: GHSA-254p-9j5r-3fvc: The LookupGetterOrSetter function in js3250 (2022-05-17)
CVEList: CVE-2010-3183: The LookupGetterOrSetter function in js3250 (2010-10-21)

📋 Vendor Advisories (3)

Ubuntu: Thunderbird vulnerabilities (2010-10-20)
Ubuntu: Firefox and Xulrunner vulnerabilities (2010-10-20)
Red Hat: Mozilla dangling pointer vulnerability in LookupGetterOrSetter (2010-10-19)

💬 Community (1)

Bugzilla: CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter (2010-10-12)