PT-2010-1974 · Mozilla+1 · Firefox+2

Orlando Barrera Ii

·

Publicado

2010-02-17

·

Atualizado

2018-10-10

·

CVE-2010-0160

CVSS v2.0

10

Alta

VetorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 3.0.x through 3.0.17 Mozilla Firefox versions 3.5.x through 3.5.7 SeaMonkey versions prior to 2.0.3
Description The issue is related to the Web Worker functionality, which does not properly handle array data types for posted messages. This can be exploited by remote attackers to cause a denial of service, resulting in heap memory corruption and application crash, or possibly execute arbitrary code.
Recommendations For Mozilla Firefox versions 3.0.x through 3.0.17, update to version 3.0.18 or later. For Mozilla Firefox versions 3.5.x through 3.5.7, update to version 3.5.8 or later. For SeaMonkey versions prior to 2.0.3, update to version 2.0.3 or later.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

CVE-2010-0160
RHSA-2010:0112
RHSA-2010_0112
ZDI-10-046

Produtos afetados

Firefox
Red Hat
Seamonkey