CVE-2010-0166

Firefox 3.6 - Memory Corruption via Invisible Unicode Characters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0166. PoCs published by Jesse Ruderman.

AI-analyzed exploit summary This HTML file exploits a memory corruption vulnerability in Mozilla Firefox 3.6 on Mac OS X by rendering specific Unicode characters (U+FEFF, U+FFF9, U+FFFA, U+FFFB) in a styled span, potentially leading to arbitrary code execution or denial-of-service.

Description

The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via an HTML document containing invisible Unicode characters, as demonstrated by the U+FEFF, U+FFF9, U+FFFA, and U+FFFB characters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jesse Ruderman · htmldosmultiple

https://www.exploit-db.com/exploits/33800

View Code ZIP pw:eip

This HTML file exploits a memory corruption vulnerability in Mozilla Firefox 3.6 on Mac OS X by rendering specific Unicode characters (U+FEFF, U+FFF9, U+FFFA, U+FFFB) in a styled span, potentially leading to arbitrary code execution or denial-of-service.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Racy

Target: Mozilla Firefox 3.6 for Apple Mac OS X

No auth needed

Prerequisites: Victim must visit a malicious webpage using vulnerable Firefox version

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/38918

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=538065

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14182

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/0692

Vendor Advisory x_refsource_confirm

http://www.mozilla.org/security/announce/2010/mfsa2010-11.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/38943

Scores

EPSS 0.0670

EPSS Percentile 93.1%

Details

CWE

CWE-119

Status published

Products (1)

mozilla/firefox 3.6

Published Mar 25, 2010

Tracked Since Feb 18, 2026