CVE-2010-0167 — Vulnetix

Try Vulnetix Request Demo

CVE-2010-0167 PUBLISHED CVSS 9.300000190734863 CRITICAL

The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp.

EPSS 22.87% · 95.8th percentile

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

22.87%

95.8th percentile

Affected Products

Vendor	Product	Versions
mozilla	thunderbird	2.0.0.0, 1.5.1, 1.5.0.14
n/a	n/a	n/a
mozilla	firefox	3.0.17, 3.0, 3.0.1
mozilla	seamonkey	2.0.1, 2.0, 2.0

Timeline

Mar 24, 2010 PoC Published
Mar 25, 2010 CVE Published
Apr 21, 2010 PoC Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

https://bugzilla.mozilla.org/show_bug.cgi?id=534082 url
38918 vdb
38944 vdb
MDVSA-2010:070 vendor-advisory
ADV-2010-0692 vdb
oval:org.mitre.oval:def:8610 vdb
https://bugzilla.mozilla.org/show_bug.cgi?id=535641 url
http://www.mozilla.org/security/announce/2010/mfsa2010-11.html url
oval:org.mitre.oval:def:9835 vdb
https://nvd.nist.gov/vuln/detail/CVE-2010-0167 advisory

Open in Interactive Console →