Lucene search

MitreCVE-2010-0164

HistoryMar 25, 2010 - 9:00 p.m.

CVE-2010-0164

2010-03-2521:00:00

CWE-399

mitre

web.nvd.nist.gov

cve-2010-0164

mozilla

firefox

use-after-free vulnerability

nvd

heap memory corruption

arbitrary code execution

remote attackers

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

9.8

Confidence

High

EPSS

0.072

Percentile

94.1%

JSON

Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace animation in which the frames have different bits-per-pixel (bpp) values.

Affected configurations

Nvd

Node

mozillafirefoxMatch3.6

VendorProductVersionCPE
mozillafirefox3.6cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	3.6	cpe:2.3:a:mozilla:firefox:3.6:::::::*

References

www.mandriva.com/security/advisories?name=MDVSA-2010:070

www.mozilla.org/security/announce/2010/mfsa2010-09.html

www.securityfocus.com/archive/1/510535/100/0/threaded

www.securityfocus.com/bid/38918

www.securityfocus.com/bid/38921

www.vupen.com/english/advisories/2010/0692

www.zerodayinitiative.com/advisories/ZDI-10-047

bugzilla.mozilla.org/show_bug.cgi?id=547143

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8703

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

9.8

Confidence

High

EPSS

0.072

Percentile

94.1%

JSON

Related for CVE-2010-0164