CVE-2010-0160

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

References

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html

http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html

http://secunia.com/advisories/37242

http://secunia.com/advisories/38847

http://www.debian.org/security/2010/dsa-1999

http://www.mandriva.com/security/advisories?name=MDVSA-2010:042

http://www.mozilla.org/security/announce/2010/mfsa2010-02.html

http://www.redhat.com/support/errata/RHSA-2010-0112.html

http://www.securityfocus.com/archive/1/510533/100/0/threaded

http://www.ubuntu.com/usn/USN-895-1

http://www.ubuntu.com/usn/USN-896-1

http://www.vupen.com/english/advisories/2010/0405

http://www.zerodayinitiative.com/advisories/ZDI-10-046

https://bugzilla.mozilla.org/show_bug.cgi?id=531222

https://bugzilla.mozilla.org/show_bug.cgi?id=533000

https://bugzilla.mozilla.org/show_bug.cgi?id=534051

https://exchange.xforce.ibmcloud.com/vulnerabilities/56360

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11166

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8465

Details

Source: MITRE

Published: 2010-02-22

Updated: 2018-10-10

Type: CWE-399

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 3.0.17 (inclusive)

cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* versions up to 2.0.2 (inclusive)

Tenable Plugins

View all (31 total)

IDNameProductFamilySeverity
68000Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0113)NessusOracle Linux Local Security Checks
critical
67999Oracle Linux 4 / 5 : firefox (ELSA-2010-0112)NessusOracle Linux Local Security Checks
critical
63402GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)NessusGentoo Local Security Checks
critical
49900SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6866)NessusSuSE Local Security Checks
critical
49891SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6867)NessusSuSE Local Security Checks
critical
47288Fedora 11 : Miro-2.5.4-2.fc11 / blam-1.8.5-18.fc11 / chmsee-1.0.1-15.fc11 / eclipse-3.4.2-20.fc11 / etc (2010-1936)NessusFedora Local Security Checks
critical
47285Fedora 12 : seamonkey-2.0.3-1.fc12 (2010-1932)NessusFedora Local Security Checks
critical
47268Fedora 12 : blam-1.8.5-22.fc12 / firefox-3.5.8-1.fc12 / galeon-2.0.7-20.fc12 / etc (2010-1727)NessusFedora Local Security Checks
critical
44911SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6871)NessusSuSE Local Security Checks
critical
44910SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6863)NessusSuSE Local Security Checks
critical
44909SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 2033)NessusSuSE Local Security Checks
critical
44907SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 2025)NessusSuSE Local Security Checks
critical
44906openSUSE Security Update : seamonkey (seamonkey-2013)NessusSuSE Local Security Checks
critical
44903openSUSE Security Update : MozillaFirefox (MozillaFirefox-2017)NessusSuSE Local Security Checks
critical
44901openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052)NessusSuSE Local Security Checks
critical
44899openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052)NessusSuSE Local Security Checks
critical
44863Debian DSA-1999-1 : xulrunner - several vulnerabilitiesNessusDebian Local Security Checks
critical
44672Mandriva Linux Security Advisory : firefox (MDVSA-2010:042)NessusMandriva Local Security Checks
critical
44661FreeBSD : mozilla -- multiple vulnerabilities (f82c85d8-1c6e-11df-abb2-000f20797ede)NessusFreeBSD Local Security Checks
critical
801219Mozilla SeaMonkey < 2.0.3 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
5343SeaMonkey < 2.0.3 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
5342Mozilla Firefox < 3.0.18 / 3.5.8 / 3.6 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
44660SeaMonkey < 2.0.3 Multiple VulnerabilitiesNessusWindows
high
44659Firefox 3.5 < 3.5.8 Multiple VulnerabilitiesNessusWindows
high
44658Firefox < 3.0.18 Multiple VulnerabilitiesNessusWindows
high
44656Ubuntu 9.10 : firefox-3.5, xulrunner-1.9.1 vulnerabilities (USN-896-1)NessusUbuntu Local Security Checks
critical
44655Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-895-1)NessusUbuntu Local Security Checks
critical
44652RHEL 3 / 4 : seamonkey (RHSA-2010:0113)NessusRed Hat Local Security Checks
critical
44651RHEL 4 / 5 : firefox (RHSA-2010:0112)NessusRed Hat Local Security Checks
critical
44649CentOS 3 / 4 : seamonkey (CESA-2010:0113)NessusCentOS Local Security Checks
critical
44648CentOS 4 / 5 : firefox (CESA-2010:0112)NessusCentOS Local Security Checks
critical