QwikSec

Security Database

CVE

CWE

Training

CVE-2010-1987

Published: May 20, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring operations, related to the DoubleWideCharMappedString class in USP10.dll and the gfxWindowsFontGroup::GetUnderlineOffset function in xul.dll, a different vulnerability than CVE-2009-1571.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

firefox-pelement-dos(58762)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_OSVDB

oval:org.mitre.oval:def:12013

vdb-entry

signature

x_refsource_OVAL

exploit

x_refsource_EXPLOIT-DB

http://www.x90c.org/advisories/firefox_3.6.3_crash_advisory.txt

x_refsource_MISC

20100518 Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.