CVE-2010-1986

Name of the Vulnerable Software and Affected Versions Mozilla Firefox version 3.6.3

Description The issue allows remote attackers to cause a denial of service, resulting in memory consumption and application crash, via JavaScript code. This code creates multiple arrays containing elements with long string values and appends long strings to the content of a P element. The problem is related to the gfxWindowsFontGroup::MakeTextRun function in xul.dll.

Recommendations For Mozilla Firefox version 3.6.3, consider disabling JavaScript as a temporary workaround until a patch is available. Restrict access to untrusted web content to minimize the risk of exploitation.