[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-0220Date: (C)2010-01-07   (M)2024-03-27


The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
MDVSA-2010:000
firefox-nsobserverlist-dos(55550)
http://hg.mozilla.org/mozilla-central/rev/51396f6c9f20
http://isc.sans.org/diary.html?storyid=7897
http://www.mozilla.com/en-US/firefox/3.5.7/releasenotes/
https://bugzilla.mozilla.org/show_bug.cgi?id=507114
oval:org.mitre.oval:def:8292

CPE    72
cpe:/a:mozilla:firefox:1.5.0.4
cpe:/a:mozilla:firefox:1.5.0.3
cpe:/a:mozilla:firefox:1.5:beta2
cpe:/a:mozilla:firefox:1.5.0.2
...
CWE    1
CWE-399
OVAL    1
oval:org.mitre.oval:def:8292

© SecPod Technologies