CVE-2010-0159

high
Description

The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.

References

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html

http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html

http://secunia.com/advisories/37242

http://secunia.com/advisories/38770

http://secunia.com/advisories/38772

http://secunia.com/advisories/38847

http://www.debian.org/security/2010/dsa-1999

http://www.mandriva.com/security/advisories?name=MDVSA-2010:042

http://www.mozilla.org/security/announce/2010/mfsa2010-01.html

http://www.redhat.com/support/errata/RHSA-2010-0112.html

http://www.redhat.com/support/errata/RHSA-2010-0113.html

http://www.redhat.com/support/errata/RHSA-2010-0153.html

http://www.redhat.com/support/errata/RHSA-2010-0154.html

http://www.ubuntu.com/usn/USN-895-1

http://www.ubuntu.com/usn/USN-896-1

http://www.vupen.com/english/advisories/2010/0405

http://www.vupen.com/english/advisories/2010/0650

https://bugzilla.mozilla.org/show_bug.cgi?id=467005

https://bugzilla.mozilla.org/show_bug.cgi?id=501934

https://bugzilla.mozilla.org/show_bug.cgi?id=527567

https://bugzilla.mozilla.org/show_bug.cgi?id=528134

https://bugzilla.mozilla.org/show_bug.cgi?id=528300

https://bugzilla.mozilla.org/show_bug.cgi?id=530880

https://bugzilla.mozilla.org/show_bug.cgi?id=534082

https://exchange.xforce.ibmcloud.com/vulnerabilities/56359

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8485

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9590

Details

Source: MITRE

Published: 2010-02-22

Updated: 2018-11-16

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

ID | Name | Product | Family | Severity
68015 | Oracle Linux 4 : thunderbird (ELSA-2010-0154) | Nessus | Oracle Linux Local Security Checks | critical
68000 | Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0113) | Nessus | Oracle Linux Local Security Checks | critical
67999 | Oracle Linux 4 / 5 : firefox (ELSA-2010-0112) | Nessus | Oracle Linux Local Security Checks | critical
63923 | RHEL 5 : thunderbird (RHSA-2010:0153) | Nessus | Red Hat Local Security Checks | critical
63402 | GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical
60750 | Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical
60737 | Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical
49900 | SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6866) | Nessus | SuSE Local Security Checks | critical
49891 | SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6867) | Nessus | SuSE Local Security Checks | critical
47305 | Fedora 11 : sunbird-1.0-0.14.20090715hg.fc11 / thunderbird-3.0.2-1.fc11 (2010-3267) | Nessus | Fedora Local Security Checks | critical
47303 | Fedora 12 : sunbird-1.0-0.19.20090916hg.fc12 / thunderbird-3.0.2-1.fc12 (2010-3230) | Nessus | Fedora Local Security Checks | critical
47288 | Fedora 11 : Miro-2.5.4-2.fc11 / blam-1.8.5-18.fc11 / chmsee-1.0.1-15.fc11 / eclipse-3.4.2-20.fc11 / etc (2010-1936) | Nessus | Fedora Local Security Checks | critical
47285 | Fedora 12 : seamonkey-2.0.3-1.fc12 (2010-1932) | Nessus | Fedora Local Security Checks | critical
47268 | Fedora 12 : blam-1.8.5-22.fc12 / firefox-3.5.8-1.fc12 / galeon-2.0.7-20.fc12 / etc (2010-1727) | Nessus | Fedora Local Security Checks | critical
46271 | RHEL 4 : thunderbird (RHSA-2010:0154) | Nessus | Red Hat Local Security Checks | critical
45521 | Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:071) | Nessus | Mandriva Local Security Checks | critical
45361 | CentOS 5 : thunderbird (CESA-2010:0153) | Nessus | CentOS Local Security Checks | critical
45093 | CentOS 4 : thunderbird (CESA-2010:0154) | Nessus | CentOS Local Security Checks | critical
45034 | SuSE 11.2 Security Update: MozillaThunderbird (2010-03-05) | Nessus | SuSE Local Security Checks | critical
801210 | Mozilla Thunderbird < 3.0.2 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high
5355 | Mozilla Thunderbird < 3.0.2 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | medium
44961 | Mozilla Thunderbird < 3.0.2 Multiple Vulnerabilities | Nessus | Windows | high
44911 | SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6871) | Nessus | SuSE Local Security Checks | critical
44910 | SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6863) | Nessus | SuSE Local Security Checks | critical
44909 | SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 2033) | Nessus | SuSE Local Security Checks | critical
44907 | SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 2025) | Nessus | SuSE Local Security Checks | critical
44906 | openSUSE Security Update : seamonkey (seamonkey-2013) | Nessus | SuSE Local Security Checks | critical
44903 | openSUSE Security Update : MozillaFirefox (MozillaFirefox-2017) | Nessus | SuSE Local Security Checks | critical
44901 | openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052) | Nessus | SuSE Local Security Checks | critical
44899 | openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052) | Nessus | SuSE Local Security Checks | critical
44863 | Debian DSA-1999-1 : xulrunner - several vulnerabilities | Nessus | Debian Local Security Checks | critical
44672 | Mandriva Linux Security Advisory : firefox (MDVSA-2010:042) | Nessus | Mandriva Local Security Checks | critical
44661 | FreeBSD : mozilla -- multiple vulnerabilities (f82c85d8-1c6e-11df-abb2-000f20797ede) | Nessus | FreeBSD Local Security Checks | critical
801219 | Mozilla SeaMonkey < 2.0.3 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high
5343 | SeaMonkey < 2.0.3 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium
5342 | Mozilla Firefox < 3.0.18 / 3.5.8 / 3.6 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium
44660 | SeaMonkey < 2.0.3 Multiple Vulnerabilities | Nessus | Windows | high
44659 | Firefox 3.5 < 3.5.8 Multiple Vulnerabilities | Nessus | Windows | high
44658 | Firefox < 3.0.18 Multiple Vulnerabilities | Nessus | Windows | high
44656 | Ubuntu 9.10 : firefox-3.5, xulrunner-1.9.1 vulnerabilities (USN-896-1) | Nessus | Ubuntu Local Security Checks | critical
44655 | Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-895-1) | Nessus | Ubuntu Local Security Checks | critical
44652 | RHEL 3 / 4 : seamonkey (RHSA-2010:0113) | Nessus | Red Hat Local Security Checks | critical
44651 | RHEL 4 / 5 : firefox (RHSA-2010:0112) | Nessus | Red Hat Local Security Checks | critical
44649 | CentOS 3 / 4 : seamonkey (CESA-2010:0113) | Nessus | CentOS Local Security Checks | critical
44648 | CentOS 4 / 5 : firefox (CESA-2010:0112) | Nessus | CentOS Local Security Checks | critical