Vulnerabilities > CVE-2010-2117 - Resource Management Errors vulnerability in Mozilla Firefox

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

mozilla

CWE-399

NVD

Published: 2010-06-01

Updated: 2018-10-10

Summary

Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Firefox 3.0.19 Mozilla Firefox 3.5 Mozilla Firefox 3.5.1 Mozilla Firefox 3.5.2 Mozilla Firefox 3.5.3 Mozilla Firefox 3.5.4 Mozilla Firefox 3.5.5 Mozilla Firefox 3.5.6 Mozilla Firefox 3.5.7 Mozilla Firefox 3.5.9 Mozilla Firefox 3.6	11

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Oval

accepted

2014-10-06T04:00:11.630-04:00

class

vulnerability

contributors

name Preeti Subramanian
organization SecPod Technologies
name Sergey Artykhov
organization ALTX-SOFT
name Sergey Artykhov
organization ALTX-SOFT
name Evgeniy Pavlov
organization ALTX-SOFT
name Evgeniy Pavlov
organization ALTX-SOFT
name Evgeniy Pavlov
organization ALTX-SOFT

definition_extensions

comment	Mozilla Firefox Mainline release is installed
oval	oval:org.mitre.oval:def:22259

description

family

windows

oval:org.mitre.oval:def:11190

status

accepted

submitted

2010-08-11T14:24:29

title

Denial of Service Vulnerability in Mozilla Firefox 3.0.19 and before, 3.5.x and 3.6.x

version

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Oval

References