[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-0160Date: (C)2010-02-22   (M)2024-03-27


The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
http://www.securityfocus.com/archive/1/510533/100/0/threaded
SECUNIA-37242
SECUNIA-38847
ADV-2010-0405
DSA-1999
FEDORA-2010-1727
FEDORA-2010-1932
FEDORA-2010-1936
MDVSA-2010:042
RHSA-2010:0112
SUSE-SA:2010:015
USN-895-1
USN-896-1
http://www.mozilla.org/security/announce/2010/mfsa2010-02.html
http://www.zerodayinitiative.com/advisories/ZDI-10-046
https://bugzilla.mozilla.org/show_bug.cgi?id=531222
https://bugzilla.mozilla.org/show_bug.cgi?id=533000
https://bugzilla.mozilla.org/show_bug.cgi?id=534051
mozilla-webworkers-code-execution(56360)
oval:org.mitre.oval:def:11166
oval:org.mitre.oval:def:8465

CPE    68
cpe:/a:mozilla:firefox:3.5.7
cpe:/a:mozilla:firefox:3.5.5
cpe:/a:mozilla:firefox:3.5.6
cpe:/a:mozilla:firefox:3.5.3
...
CWE    1
CWE-399
OVAL    42
oval:org.secpod.oval:def:200010
oval:org.secpod.oval:def:100003
oval:org.secpod.oval:def:100997
oval:org.secpod.oval:def:100991
...

© SecPod Technologies