Vulnerabilities > CVE-2010-1988 - Unspecified vulnerability in Mozilla Firefox 3.6.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substring operations, a different vulnerability than CVE-2009-1571. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| OS | 1 |
Exploit-Db
| id | EDB-ID:12678 |
Oval
| accepted | 2014-10-06T04:00:30.524-04:00 | ||||||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||||||
| description | Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substring operations, a different vulnerability than CVE-2009-1571. | ||||||||||||||||||||||||||||||||||||
| family | windows | ||||||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:12050 | ||||||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||||||
| submitted | 2010-08-20T16:05:03 | ||||||||||||||||||||||||||||||||||||
| title | Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substring operations, a different vulnerability than CVE-2009-1571. | ||||||||||||||||||||||||||||||||||||
| version | 31 |
Seebug
| bulletinFamily | exploit |
| description | CVE(CAN) ID: CVE-2010-1986,CVE-2010-1987,CVE-2010-1988 Firefox是非常流行的开源WEB浏览器。 Firefox的xul.dll库中的gfxWindowsFontGroup::MakeTextRun函数和USP10.dll库的 DoubleWideCharMappedString类中存在多个拒绝服务漏洞。如果网页中的JavaScript代码可创建包含有超长字符串元素的数组之后将超长字符串附加到了P元素的内容,就会触发内存破坏或空指针引用,导致浏览器崩溃。 Mozilla Firefox 3.6.3 厂商补丁: Mozilla ------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.mozilla.org/ |
| id | SSV:19683 |
| last seen | 2017-11-19 |
| modified | 2010-05-24 |
| published | 2010-05-24 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-19683 |
| title | Mozilla Firefox 3.6.3 USP10.dll和xul.dll库多个拒绝服务漏洞 |
References
- http://osvdb.org/64789
- http://www.exploit-db.com/exploits/12678
- http://www.securityfocus.com/archive/1/511329/100/0/threaded
- http://www.x90c.org/advisories/firefox_3.6.3_crash_advisory.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58763
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12050