Vulnerabilities > CVE-2010-1990 - Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Oval
accepted | 2014-10-06T04:00:39.509-04:00 | ||||||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||||||
description | Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. | ||||||||||||||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:12386 | ||||||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||||||
submitted | 2011-05-03T09:09:57-05:00 | ||||||||||||||||||||||||||||||||||||
title | Denial of service vulnerability in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9 and 3.6.x before 3.6.2 and SeaMonkey less than 2.0.4 through IFRAME javascript element | ||||||||||||||||||||||||||||||||||||
version | 33 |