Detections
Analytics

CVE-2010-0160

critical

Description

The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

References

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html

http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html

https://bugzilla.mozilla.org/show_bug.cgi?id=531222

https://bugzilla.mozilla.org/show_bug.cgi?id=533000

https://bugzilla.mozilla.org/show_bug.cgi?id=534051

http://secunia.com/advisories/37242

http://secunia.com/advisories/38847

https://exchange.xforce.ibmcloud.com/vulnerabilities/56360

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11166

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8465

http://www.debian.org/security/2010/dsa-1999

http://www.mandriva.com/security/advisories?name=MDVSA-2010:042

http://www.mozilla.org/security/announce/2010/mfsa2010-02.html

http://www.redhat.com/support/errata/RHSA-2010-0112.html

http://www.ubuntu.com/usn/USN-895-1

http://www.ubuntu.com/usn/USN-896-1

http://www.vupen.com/english/advisories/2010/0405

http://www.zerodayinitiative.com/advisories/ZDI-10-046

Details

Published: 2010-02-22

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical