CVE-2010-2117

Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x - Denial of Service via Infinite Loop with Invalid URI IFRAMEs

Title source: llm
STIX 2.1

Description

Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11190
Exploit x_refsource_misc
http://websecurity.com.ua/4238/
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/511509/100/0/threaded

Scores

EPSS 0.0178
EPSS Percentile 75.8%

Details

CWE
CWE-399
Status published
Products (11)
mozilla/firefox 3.0.19
mozilla/firefox 3.5
mozilla/firefox 3.5.1
mozilla/firefox 3.5.2
mozilla/firefox 3.5.3
mozilla/firefox 3.5.4
mozilla/firefox 3.5.5
mozilla/firefox 3.5.6
mozilla/firefox 3.5.7
mozilla/firefox 3.5.9
... and 1 more
Published Jun 01, 2010
Tracked Since Feb 18, 2026