Mozilla Products 'IFRAME' Denial Of Service Vulnerability (Windows) Network Vulnerability

Summary

The host is installed with Mozilla Firefox/Seamonkey and is prone to Denial of Service vulnerability.

Impact

Successful exploitation will allow remote attackers to cause a denial of service. Impact Level: Application

Solution

Upgrade to Firefox version 3.5.9, 3.6.2 http://www.mozilla.com/en-US/firefox/all.html Upgrade to Seamonkey version 2.0.4 http://www.seamonkey-project.org/releases/

Insight

The flaw is due to improper handling of an 'IFRAME' element with a mailto: URL in its 'SRC' attribute, which allows remote attackers to exhaust resources via an HTML document with many 'IFRAME' elements.

Affected

Seamonkey version prior to 2.0.4, Firefox version 3.0.x to 3.0.19, 3.5.x before 3.5.9, 3.6.x before 3.6.2

References

http://websecurity.com.ua/4206/
http://www.securityfocus.com/archive/1/archive/1/511327/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1990
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

ClamAV Recursion Level Handling Denial of Service Vulnerability (Windows)
ClamAV Remote Denial of Service Vulnerability
avast! AntiVirus Multiple BOF Vulnerabilities (Linux)
Firefox 'nsObserverList::FillObserverArray' DOS Vulnerability (Win)
CUPS 'scheduler/select.c' Denial Of Service Vulnerability

Mozilla Products 'IFRAME' Denial Of Service vulnerability (Windows)

Take action and discover your vulnerabilities