National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2010-0159 Detail

Current Description

The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.

Source:  MITRE
Description Last Modified:  02/22/2010
View Analysis Description

Impact

CVSS v2.0 Severity and Metrics:

Base Score: 10.0 HIGH
Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) (V2 legend)
Impact Subscore: 10.0
Exploitability Subscore: 10.0


Access Vector (AV): Network
Access Complexity (AC): Insufficient_Info
Authentication (AU): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Additional Information:
Allows unauthorized disclosure of information
Allows unauthorized modification
Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html Mailing List Third Party Advisory
http://www.debian.org/security/2010/dsa-1999 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:042 Third Party Advisory
http://www.mozilla.org/security/announce/2010/mfsa2010-01.html Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0112.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0113.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0153.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0154.html Third Party Advisory
http://www.ubuntu.com/usn/USN-895-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-896-1 Third Party Advisory
http://www.vupen.com/english/advisories/2010/0405 Third Party Advisory
http://www.vupen.com/english/advisories/2010/0650 Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=467005 Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=501934 Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=527567 Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=528134 Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=528300 Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=530880 Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=534082 Issue Tracking Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/56359 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8485 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9590 Third Party Advisory

References to Check Content

Identifier:
oval:org.mitre.oval:def:8485
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:8485
Identifier:
oval:org.mitre.oval:def:9590
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9590

Technical Details

Vulnerability Type (View All)

Change History

4 change records found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2010-0159
NVD Published Date:
02/22/2010
NVD Last Modified:
11/16/2018