CVE-2010-0166

Mozilla Firefox - Memory Corruption

Title source: rule

Description

The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via an HTML document containing invisible Unicode characters, as demonstrated by the U+FEFF, U+FFF9, U+FFFA, and U+FFFB characters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jesse Ruderman · htmldosmultiple

https://www.exploit-db.com/exploits/33800

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://www.mozilla.org/security/announce/2010/mfsa2010-11.html

[Issue Tracking] https://bugzilla.mozilla.org/show_bug.cgi?id=538065

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14182

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/38918

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/38943

[Third Party Advisory] http://www.vupen.com/english/advisories/2010/0692

Scores

EPSS 0.1791

EPSS Percentile 95.2%

Details

CWE

CWE-119

Status published

Products (1)

mozilla/firefox 3.6

Published Mar 25, 2010

Tracked Since Feb 18, 2026