PT-2010-1974 · Mozilla+1 · Firefox+2

Orlando Barrera Ii

Published

2010-02-17

Updated

2018-10-10

CVE-2010-0160

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 3.0.x through 3.0.17 Mozilla Firefox versions 3.5.x through 3.5.7 SeaMonkey versions prior to 2.0.3

Description The issue is related to the Web Worker functionality, which does not properly handle array data types for posted messages. This can be exploited by remote attackers to cause a denial of service, resulting in heap memory corruption and application crash, or possibly execute arbitrary code.

Recommendations For Mozilla Firefox versions 3.0.x through 3.0.17, update to version 3.0.18 or later. For Mozilla Firefox versions 3.5.x through 3.5.7, update to version 3.5.8 or later. For SeaMonkey versions prior to 2.0.3, update to version 2.0.3 or later.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2010-0160

RHSA-2010:0112

RHSA-2010_0112

ZDI-10-046

Affected Products

Firefox

Red Hat

Seamonkey

PT-2010-1974 · Mozilla+1 · Firefox+2

CVE-2010-0160

Weakness Enumeration

Related Identifiers

Affected Products

References · 32