CVE-2010-1987
Published May 20, 2010
Last updated 6 years ago
Overview
- Description
- Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring operations, related to the DoubleWideCharMappedString class in USP10.dll and the gfxWindowsFontGroup::GetUnderlineOffset function in xul.dll, a different vulnerability than CVE-2009-1571.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:P
Weaknesses
- nvd@nist.gov
- CWE-399
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFD775DF-277E-4D5B-B980-B8E6E782467D" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656" } ], "operator": "OR" } ], "operator": "AND" } ]