Vulnerability Details : CVE-2010-1203
The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp.
Vulnerability category: Memory Corruption, Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-1203
Probability of exploitation activity in the next 30 days: 11.02%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 %
CVSS scores for CVE-2010-1203
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
References for CVE-2010-1203
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10401
  Repository / Oval Repository
- http://www.vupen.com/english/advisories/2010/1640
  Webmail | OVH- OVH (Vendor Advisory)
- http://www.securityfocus.com/bid/41099
  Mozilla Firefox 'jstracer.cpp' Memory Corruption Vulnerability
- http://ubuntu.com/usn/usn-930-1
  USN-930-1: Firefox and Xulrunner vulnerabilities | Ubuntu security notices
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8317
  Repository / Oval Repository
- http://www.securitytracker.com/id?1024139
  Mozilla Thunderbird Multiple Flaws Let Remote Users Execute Arbitrary Code - SecurityTracker
- http://www.ubuntu.com/usn/usn-930-2
  USN-930-2: apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update | Ubuntu security notices
- http://www.securitytracker.com/id?1024138
  Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Access Keystrokes, and Conduct Cross-Site Scripting Attacks - SecurityTracker
- https://bugzilla.mozilla.org/show_bug.cgi?id=546611
  546611 - TM: "Assertion failure: isNumber(*p) == (t == TT_DOUBLE), at ../jstracer.cpp" or "Assertion failure: isInt32(*p), at ../jstracer.cpp"
- http://www.redhat.com/support/errata/RHSA-2010-0500.html
  Support
- http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html
  [security-announce] SUSE Security Announcement: Mozilla Firefox (SUSE-SA
- http://www.mozilla.org/security/announce/2010/mfsa2010-26.html
  Crashes with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10) — Mozilla (Vendor Advisory)
- http://www.vupen.com/english/advisories/2010/1551
  Webmail | OVH- OVH (Vendor Advisory)
- http://www.vupen.com/english/advisories/2010/1557
  Webmail | OVH- OVH (Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2010-0501.html
  Support
- http://www.securityfocus.com/bid/41050
  RETIRED: Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2010-26/27/28/29/30/32 Remote Vulnerabilities
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59662
  Mozilla Firefox, Thunderbird, and SeaMonkey JavaScript code execution CVE-2010-1203 Vulnerability Report
- http://www.vupen.com/english/advisories/2010/1773
  Webmail | OVH- OVH (Vendor Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=557946
  557946 - TM: Crash with malformed typemap in nested trees or "Assertion failure: *(JSObject**)slot == NULL, at ../jstracer.cpp"
- http://support.avaya.com/css/P8/documents/100091069
  ASA-2010-165 (RHSA-2010-0500)
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:125
  mandriva.com
Products affected by CVE-2010-1203
- cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*