Firefox 'nsObserverList::FillObserverArray' DOS Vulnerability (Win) Network Vulnerability

Summary

The host is installed with Mozilla Firefox browser and is prone to Denial of Service vulnerability.

Impact

Successful remote exploitation will allow attackers to crash application via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array. Impact Level: Application.

Solution

Upgrade to Firefox version 3.5.7 http://www.mozilla.com/en-US/firefox/all.html

Insight

The flaw is due to error in 'nsObserverList::FillObserverArray()' function in 'xpcom/ds/nsObserverList.cpp'

Affected

Mozilla Firefox version prior to 3.5.7 on Windows.

References

http://isc.sans.org/diary.html?storyid=7897
http://www.mozilla.com/en-US/firefox/3.5.7/releasenotes
https://bugzilla.mozilla.org/show_bug.cgi?id=507114

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0220
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Avahi Denial of Service Vulnerability
Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Linux)
Django Forms Library Algorithmic Complexity Vulnerability
ejabberd XML Parsing Denial of Service Vulnerability (Windows)
FreeSWITCH 'switch_regex.c' Multiple Buffer Overflow Vulnerabilities

Take action and discover your vulnerabilities