CVE-2010-0167

Firefox 3.0.x-3.0.17, 3.5.x-3.5.7, 3.6.x-3.6.1 - Remote Code Execution via Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0167. PoCs published by Bob Clary.

AI-analyzed exploit summary This HTML-based PoC exploits a memory corruption vulnerability in Mozilla Firefox, Thunderbird, and Seamonkey by leveraging CSS column rendering and list-item display properties to trigger arbitrary code execution or DoS.

Description

The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Bob Clary · textdoslinux
https://www.exploit-db.com/exploits/33801

This HTML-based PoC exploits a memory corruption vulnerability in Mozilla Firefox, Thunderbird, and Seamonkey by leveraging CSS column rendering and list-item display properties to trigger arbitrary code execution or DoS.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Mozilla Firefox, Thunderbird, Seamonkey (versions affected by CVE-2010-0167)
No auth needed
Prerequisites: Victim must visit a malicious webpage or open a crafted HTML file
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=534082
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38918
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38944
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:070
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0692
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8610
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=535641
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9835

Scores

EPSS 0.1051
EPSS Percentile 95.2%

Details

CWE
CWE-119
Status published
Products (40)
mozilla/firefox 3.0
mozilla/firefox 3.0.1
mozilla/firefox 3.0.10
mozilla/firefox 3.0.11
mozilla/firefox 3.0.12
mozilla/firefox 3.0.13
mozilla/firefox 3.0.14
mozilla/firefox 3.0.15
mozilla/firefox 3.0.16
mozilla/firefox 3.0.17
... and 30 more
Published Mar 25, 2010
Tracked Since Feb 18, 2026