5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.017 Low
EPSS
Percentile
88.1%
The nsObserverList::FillObserverArray function in
xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote
attackers to cause a denial of service (application crash) via a crafted
web site that triggers memory consumption and an accompanying Low Memory
alert dialog, and also triggers attempted removal of an observer from an
empty observers array.
Author | Note |
---|---|
jdstrand | per upstream, xulrunner-1.9 not affected |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 9.04 | noarch | xulrunner-1.9.1 | <Β 1.9.1.9+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
ubuntu | 9.10 | noarch | xulrunner-1.9.1 | <Β 1.9.1.9+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
ubuntu | 8.04 | noarch | xulrunner-1.9.2 | <Β 1.9.2.6+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |