CVE-2010-1987

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring operations, related to the DoubleWideCharMappedString class in USP10.dll and the gfxWindowsFontGroup::GetUnderlineOffset function in xul.dll, a different vulnerability than CVE-2009-1571.

Mozilla Firefox v3.6.3 en Windows XP SP3 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria, lectura fuera de rango y caída de la aplicación) a través de código JavaScript que añade cadenas largas de caracteres al contenido de un elemento P y realiza operaciones de concatenación de cadenas y subcadenas relacionado con la clase DoubleWideCharMappedString class en USP10.dll y en la función gfxWindowsFontGroup::GetUnderlineOffset de xul.dll, diferente a la vulnerabilidad CVE-2009-1571.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-05-20 CVE Reserved
2010-05-20 CVE Published
2023-11-29 EPSS Updated
2024-08-07 CVE Updated
2024-08-07 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-399: Resource Management Errors

CAPEC

References (6)

URL	Tag	Source
http://osvdb.org/64790	Vdb Entry
http://www.securityfocus.com/archive/1/511329/100/0/threaded	Mailing List
https://exchange.xforce.ibmcloud.com/vulnerabilities/58762	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12013	Signature

URL	Date	SRC
http://www.exploit-db.com/exploits/12678	2024-08-07
http://www.x90c.org/advisories/firefox_3.6.3_crash_advisory.txt	2024-08-07

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mozilla Search vendor "Mozilla"	Firefox Search vendor "Mozilla" for product "Firefox"	3.6.3 Search vendor "Mozilla" for product "Firefox" and version "3.6.3"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	sp3	Safe