Lucene search

K

[email protected]NVD:CVE-2010-0165

HistoryMar 25, 2010 - 9:00 p.m.

CVE-2010-0165

2010-03-2521:00:00

CWE-119

[email protected]

web.nvd.nist.gov

5

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

0.068

Percentile

93.9%

The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors involving certain indirect calls to the JavaScript eval function.

Affected configurations

Nvd

Node

mozillafirefoxMatch3.6

References

www.mandriva.com/security/advisories?name=MDVSA-2010:070

www.mozilla.org/security/announce/2010/mfsa2010-11.html

www.securityfocus.com/bid/38918

www.vupen.com/english/advisories/2010/0692

bugzilla.mozilla.org/show_bug.cgi?id=542849

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8472

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

0.068

Percentile

93.9%

Related for NVD:CVE-2010-0165

prion1 cvelist1 ubuntucve1 cve1 mozilla1 securityvulns2 openvas17 nessus6 gentoo1