Vulnerability Details : CVE-2010-0159
The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.
Vulnerability category: Memory Corruption, Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-0159
Probability of exploitation activity in the next 30 days: 4.43%
Percentile, the proportion of vulnerabilities that are scored at or less: ~91%
CVSS scores for CVE-2010-0159
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
References for CVE-2010-0159
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8485
  Repository / Oval Repository [Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html
  [security-announce] SUSE Security Announcement: Mozilla Firefox (SUSE-SA [Mailing List; Third Party Advisory]
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html
  [SECURITY] Fedora 12 Update: galeon-2.0.7-20.fc12 [Mailing List; Third Party Advisory]
- https://bugzilla.mozilla.org/show_bug.cgi?id=528134
  528134 - inDOMUtils::GetRuleNodeForContent can hand back a dead rulenode [Issue Tracking; Vendor Advisory]
- http://www.ubuntu.com/usn/USN-896-1
  USN-896-1: Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities | Ubuntu security notices [Third Party Advisory]
- https://bugzilla.mozilla.org/show_bug.cgi?id=534082
  534082 - Crash at Wikipedia with -moz-column and list-item [@ nsLineBox::MarkDirty()] [@ nsBlockFrame::DoRemoveFrame(nsIFrame*, unsigned int)] [Issue Tracking; Vendor Advisory]
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html
  [SECURITY] Fedora 12 Update: thunderbird-3.0.2-1.fc12 [Mailing List; Third Party Advisory]
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html
  [SECURITY] Fedora 11 Update: thunderbird-3.0.2-1.fc11 [Mailing List; Third Party Advisory]
- http://www.vupen.com/english/advisories/2010/0650
  Webmail | OVH- OVH [Third Party Advisory]
- https://bugzilla.mozilla.org/show_bug.cgi?id=467005
  467005 - Double items in layout when alert() called from mutation event handler [Issue Tracking; Vendor Advisory]
- http://www.debian.org/security/2010/dsa-1999
  Debian -- Security Information -- DSA-1999-1 xulrunner [Third Party Advisory]
- http://www.redhat.com/support/errata/RHSA-2010-0113.html
  Support [Third Party Advisory]
- https://bugzilla.mozilla.org/show_bug.cgi?id=527567
  527567 - Crash @ [@nsCOMPtr_base::assign_from_qi(nsQueryInterface, nsID const&) ] [Issue Tracking; Vendor Advisory]
- http://www.mozilla.org/security/announce/2010/mfsa2010-01.html
  Crashes with evidence of memory corruption (rv:1.9.1.8/ 1.9.0.18) — Mozilla [Vendor Advisory]
- http://www.ubuntu.com/usn/USN-895-1
  USN-895-1: Firefox 3.0 and Xulrunner 1.9 vulnerabilities | Ubuntu security notices [Third Party Advisory]
- http://www.redhat.com/support/errata/RHSA-2010-0153.html
  Support [Third Party Advisory]
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html
  [SECURITY] Fedora 12 Update: seamonkey-2.0.3-1.fc12 [Mailing List; Third Party Advisory]
- https://bugzilla.mozilla.org/show_bug.cgi?id=530880
  530880 - Crashes [@ nsIFrame::GetStyleDisplay() ] [Issue Tracking; Vendor Advisory]
- http://www.redhat.com/support/errata/RHSA-2010-0112.html
  Support [Third Party Advisory]
- https://bugzilla.mozilla.org/show_bug.cgi?id=501934
  501934 - Crash [@ nsXBLBinding::GenerateAnonymousContent] with DOMAttrModified and oncommand removing element and xbl:inherits="xbl:text" [Issue Tracking; Vendor Advisory]
- http://www.vupen.com/english/advisories/2010/0405
  Webmail | OVH- OVH [Third Party Advisory]
- http://www.redhat.com/support/errata/RHSA-2010-0154.html
  Support [Third Party Advisory]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9590
  Repository / Oval Repository [Third Party Advisory]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56359
  Mozilla Firefox, Thunderbird, and SeaMonkey browser engine code execution CVE-2010-0159 Vulnerability Report [Third Party Advisory; VDB Entry]
- https://bugzilla.mozilla.org/show_bug.cgi?id=528300
  528300 - Crash [@ txExecutionState::~txExecutionState] [Issue Tracking; Vendor Advisory]
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:042
  mandriva.com [Third Party Advisory]
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html
  [SECURITY] Fedora 11 Update: epiphany-extensions-2.26.1-10.fc11 [Mailing List; Third Party Advisory]
Products affected by CVE-2010-0159
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*