// For flags

CVE-2010-1203

Mozilla Crashes with evidence of memory corruption

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp.

El motor de JavaScript en Firefox de Mozilla versiones 3.6.x anteriores a 3.6.4, permite a los atacantes remotos causar una denegación de servicio (corrupción de memoria y bloqueo de aplicación) o posiblemente ejecutar código arbitrario por medio de vectores que desencadenan un fallo de aserción en el archivo jstracer.cpp.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-03-30 CVE Reserved
  • 2010-06-23 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-01-31 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (27)
URL Tag Source
http://support.avaya.com/css/P8/documents/100091069 X_refsource_confirm
http://www.securityfocus.com/bid/41050 Vdb Entry
http://www.securityfocus.com/bid/41099 Vdb Entry
http://www.securitytracker.com/id?1024138 Vdb Entry
http://www.securitytracker.com/id?1024139 Vdb Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=546611 X_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=557946 X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/59662 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10401 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8317 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html 2017-09-19
http://secunia.com/advisories/40323 2017-09-19
http://secunia.com/advisories/40326 2017-09-19
http://secunia.com/advisories/40401 2017-09-19
http://secunia.com/advisories/40481 2017-09-19
http://ubuntu.com/usn/usn-930-1 2017-09-19
http://www.mandriva.com/security/advisories?name=MDVSA-2010:125 2017-09-19
http://www.mozilla.org/security/announce/2010/mfsa2010-26.html 2017-09-19
http://www.redhat.com/support/errata/RHSA-2010-0500.html 2017-09-19
http://www.redhat.com/support/errata/RHSA-2010-0501.html 2017-09-19
http://www.ubuntu.com/usn/usn-930-2 2017-09-19
http://www.vupen.com/english/advisories/2010/1551 2017-09-19
http://www.vupen.com/english/advisories/2010/1557 2017-09-19
http://www.vupen.com/english/advisories/2010/1640 2017-09-19
http://www.vupen.com/english/advisories/2010/1773 2017-09-19
https://access.redhat.com/security/cve/CVE-2010-1203 2010-06-22
https://bugzilla.redhat.com/show_bug.cgi?id=590816 2010-06-22
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 3.6
Search vendor "Mozilla" for product "Firefox" and version "3.6"
-
Affected
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 3.6.2
Search vendor "Mozilla" for product "Firefox" and version "3.6.2"
-
Affected
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 3.6.3
Search vendor "Mozilla" for product "Firefox" and version "3.6.3"
-
Affected