Lucene search

[email protected]CVE-2010-0220

HistoryJan 07, 2010 - 7:30 p.m.

CVE-2010-0220

2010-01-0719:30:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2010-0220

nsobserverlist

fillobserverarray

mozilla firefox

denial of service

application crash

memory consumption

low memory alert

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

8.7 High

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

88.0%

JSON

The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array.

Affected configurations

NVD

Node

mozillafirefoxRange≤3.5.6

mozillafirefoxMatch0.1

mozillafirefoxMatch0.2

mozillafirefoxMatch0.3

mozillafirefoxMatch0.4

mozillafirefoxMatch0.5

mozillafirefoxMatch0.6

mozillafirefoxMatch0.6.1

mozillafirefoxMatch0.7

mozillafirefoxMatch0.7.1

mozillafirefoxMatch0.8

mozillafirefoxMatch0.9

mozillafirefoxMatch0.9rc

mozillafirefoxMatch0.9.1

mozillafirefoxMatch0.9.2

mozillafirefoxMatch0.9.3

mozillafirefoxMatch0.10

mozillafirefoxMatch0.10.1

mozillafirefoxMatch1.0

mozillafirefoxMatch1.0preview_release

mozillafirefoxMatch1.0.1

mozillafirefoxMatch1.0.2

mozillafirefoxMatch1.0.3

mozillafirefoxMatch1.0.4

mozillafirefoxMatch1.0.5

mozillafirefoxMatch1.0.6

mozillafirefoxMatch1.0.7

mozillafirefoxMatch1.0.8

mozillafirefoxMatch1.4.1

mozillafirefoxMatch1.5

mozillafirefoxMatch1.5beta1

mozillafirefoxMatch1.5beta2

mozillafirefoxMatch1.5.0.1

mozillafirefoxMatch1.5.0.2

mozillafirefoxMatch1.5.0.3

mozillafirefoxMatch1.5.0.4

mozillafirefoxMatch1.5.0.5

mozillafirefoxMatch1.5.0.6

mozillafirefoxMatch1.5.0.7

mozillafirefoxMatch1.5.0.8

mozillafirefoxMatch1.5.0.9

mozillafirefoxMatch1.5.0.10

mozillafirefoxMatch1.5.0.11

mozillafirefoxMatch1.5.0.12

mozillafirefoxMatch1.5.1

mozillafirefoxMatch1.5.2

mozillafirefoxMatch1.5.3

mozillafirefoxMatch1.5.4

mozillafirefoxMatch1.5.5

mozillafirefoxMatch1.5.6

mozillafirefoxMatch1.5.7

mozillafirefoxMatch1.5.8

mozillafirefoxMatch1.8

mozillafirefoxMatch2.0

mozillafirefoxMatch2.0.0.1

mozillafirefoxMatch2.0.0.2

mozillafirefoxMatch2.0.0.3

mozillafirefoxMatch2.0.0.4

mozillafirefoxMatch2.0.0.5

mozillafirefoxMatch2.0.0.6

mozillafirefoxMatch2.0.0.7

mozillafirefoxMatch2.0.0.8

mozillafirefoxMatch2.0.0.9

mozillafirefoxMatch2.0.0.10

mozillafirefoxMatch2.0.0.11

mozillafirefoxMatch3.0

mozillafirefoxMatch3.0.5

mozillafirefoxMatch3.5

mozillafirefoxMatch3.5.2

mozillafirefoxMatch3.5.3

mozillafirefoxMatch3.5.4

mozillafirefoxMatch3.5.5

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle3.5.6
mozilla:firefoxmozilla firefoxeq0.1
mozilla:firefoxmozilla firefoxeq0.2
mozilla:firefoxmozilla firefoxeq0.3
mozilla:firefoxmozilla firefoxeq0.4
mozilla:firefoxmozilla firefoxeq0.5
mozilla:firefoxmozilla firefoxeq0.6
mozilla:firefoxmozilla firefoxeq0.6.1
mozilla:firefoxmozilla firefoxeq0.7
mozilla:firefoxmozilla firefoxeq0.7.1

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	3.5.6
mozilla:firefox	mozilla firefox	eq	0.1
mozilla:firefox	mozilla firefox	eq	0.2
mozilla:firefox	mozilla firefox	eq	0.3
mozilla:firefox	mozilla firefox	eq	0.4
mozilla:firefox	mozilla firefox	eq	0.5
mozilla:firefox	mozilla firefox	eq	0.6
mozilla:firefox	mozilla firefox	eq	0.6.1
mozilla:firefox	mozilla firefox	eq	0.7
mozilla:firefox	mozilla firefox	eq	0.7.1