CVE-2010-0167 — Vulnetix

CVE-2010-0167 PUBLISHED CVSS 9.300000190734863 CRITICAL

The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp.

EPSS 27.26% · 96.5th percentile

Risk Scores

CVSS 4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

27.26%

96.5th percentile

Affected Products

Vendor	Product	Versions
mozilla	thunderbird	2.0.0.12, 2.0.0.6, 2.0.0.5
n/a	n/a	n/a
mozilla	firefox	3.5, 3.0, 3.0.10
mozilla	seamonkey	1.1.5, 1.1.4, 2.0

Exploit Intelligence

CIRCL confirmed: CVE-2010-0167 (circl-sighting)
https://bugzilla.mozilla.org/show_bug.cgi?id=534082 (circl)
38918 (circl)
38944 (circl)
MDVSA-2010:070 (circl)
ADV-2010-0692 (circl)
oval:org.mitre.oval:def:8610 (circl)
https://bugzilla.mozilla.org/show_bug.cgi?id=535641 (circl)
http://www.mozilla.org/security/announce/2010/mfsa2010-11.html (circl)
oval:org.mitre.oval:def:9835 (circl)

…and 2 more exploits

Timeline

Mar 24, 2010 PoC Published
Mar 25, 2010 CVE Published
Apr 21, 2010 PoC Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 25, 2023 EPSS Score

References

https://bugzilla.mozilla.org/show_bug.cgi?id=534082 url
38918 vdb
38944 vdb
MDVSA-2010:070 vendor-advisory
ADV-2010-0692 vdb
oval:org.mitre.oval:def:8610 vdb
https://bugzilla.mozilla.org/show_bug.cgi?id=535641 url
http://www.mozilla.org/security/announce/2010/mfsa2010-11.html url
oval:org.mitre.oval:def:9835 vdb
https://nvd.nist.gov/vuln/detail/CVE-2010-0167 advisory

Open in Interactive Console →