Lucene search

K
mozillaMozilla FoundationMFSA2011-37
HistorySep 27, 2011 - 12:00 a.m.

Integer underflow when using JavaScript RegExp — Mozilla

2011-09-2700:00:00
Mozilla Foundation
www.mozilla.org
20

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.106

Percentile

95.1%

Mark Kaplan reported a potentially exploitable crash due to integer underflow when using a large JavaScript RegExp expression. We would also like to thank Mark for contributing the fix for this problem.

Affected configurations

Vulners
Node
mozillafirefoxRange<3.6.23
VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.106

Percentile

95.1%