// For flags

CVE-2010-0159

Mozilla crashes with evidence of memory corruption (MFSA 2010-01)

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.

El motor de navegación en Mozilla Firefox v3.0.x anterior a la v3.0.18 y 3.5.x anterior a la v3.5.8, Thunderbird anterior a la v3.0.2, y SeaMonkey anterior a la v2.0.3 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores relativos a la función nsBlockFrame::StealFrame en layout/generic/nsBlockFrame.cpp, ay otros vectores no específicos.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-01-06 CVE Reserved
  • 2010-02-18 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-10-01 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (33)
URL Tag Source
http://secunia.com/advisories/37242 Third Party Advisory
http://secunia.com/advisories/38770 Third Party Advisory
http://secunia.com/advisories/38772 Third Party Advisory
http://secunia.com/advisories/38847 Third Party Advisory
http://www.vupen.com/english/advisories/2010/0405 Third Party Advisory
http://www.vupen.com/english/advisories/2010/0650 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/56359 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8485 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9590 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html 2018-11-16
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html 2018-11-16
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html 2018-11-16
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html 2018-11-16
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html 2018-11-16
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html 2018-11-16
http://www.debian.org/security/2010/dsa-1999 2018-11-16
http://www.mandriva.com/security/advisories?name=MDVSA-2010:042 2018-11-16
http://www.mozilla.org/security/announce/2010/mfsa2010-01.html 2018-11-16
http://www.redhat.com/support/errata/RHSA-2010-0112.html 2018-11-16
http://www.redhat.com/support/errata/RHSA-2010-0113.html 2018-11-16
http://www.redhat.com/support/errata/RHSA-2010-0153.html 2018-11-16
http://www.redhat.com/support/errata/RHSA-2010-0154.html 2018-11-16
http://www.ubuntu.com/usn/USN-895-1 2018-11-16
http://www.ubuntu.com/usn/USN-896-1 2018-11-16
https://bugzilla.mozilla.org/show_bug.cgi?id=467005 2018-11-16
https://bugzilla.mozilla.org/show_bug.cgi?id=501934 2018-11-16
https://bugzilla.mozilla.org/show_bug.cgi?id=527567 2018-11-16
https://bugzilla.mozilla.org/show_bug.cgi?id=528134 2018-11-16
https://bugzilla.mozilla.org/show_bug.cgi?id=528300 2018-11-16
https://bugzilla.mozilla.org/show_bug.cgi?id=530880 2018-11-16
https://bugzilla.mozilla.org/show_bug.cgi?id=534082 2018-11-16
https://access.redhat.com/security/cve/CVE-2010-0159 2010-03-17
https://bugzilla.redhat.com/show_bug.cgi?id=566047 2010-03-17
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 >= 3.0 < 3.0.18
Search vendor "Mozilla" for product "Firefox" and version " >= 3.0 < 3.0.18"
-
Affected
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 >= 3.5 < 3.5.8
Search vendor "Mozilla" for product "Firefox" and version " >= 3.5 < 3.5.8"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 < 2.0.3
Search vendor "Mozilla" for product "Seamonkey" and version " < 2.0.3"
-
Affected
Mozilla
Search vendor "Mozilla"
 Thunderbird
Search vendor "Mozilla" for product "Thunderbird"
 < 3.0.2
Search vendor "Mozilla" for product "Thunderbird" and version " < 3.0.2"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 5.0
Search vendor "Debian" for product "Debian Linux" and version "5.0"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 8.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 8.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 9.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "9.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 9.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "9.10"
-
Affected