Lucene search

K
mozillaMozilla FoundationMFSA2010-73
HistoryOct 27, 2010 - 12:00 a.m.

Heap buffer overflow mixing document.write and DOM insertion — Mozilla

2010-10-2700:00:00
Mozilla Foundation
www.mozilla.org
27

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.969

Percentile

99.8%

Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms.

Affected configurations

Vulners
Node
mozillafirefoxRange<3.5.15
OR
mozillafirefoxRange<3.6.12
OR
mozillaseamonkeyRange<2.0.10
OR
mozillathunderbirdRange<3.0.10
OR
mozillathunderbirdRange<3.1.6
VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
mozillathunderbird*cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.969

Percentile

99.8%