CVE-2010-0164 - Vulnerability Details - OpenCVE

Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace animation in which the frames have different bits-per-pixel (bpp) values.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mozilla	Firefox

Configuration 1 [-]

cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.mandriva.com/security/advisories?name=MDVSA-2010:070
http://www.mozilla.org/security/announce/2010/mfsa2010-09.html
http://www.securityfocus.com/archive/1/510535/100/0/threaded
http://www.securityfocus.com/bid/38918
http://www.securityfocus.com/bid/38921
http://www.vupen.com/english/advisories/2010/0692
http://www.zerodayinitiative.com/advisories/ZDI-10-047
https://bugzilla.mozilla.org/show_bug.cgi?id=547143
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8703

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-03-25T20:31:00

Updated: 2024-08-07T00:37:54.195Z

Reserved: 2010-01-06T00:00:00

Link: CVE-2010-0164

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-03-25T21:00:00.297

Modified: 2024-11-21T01:11:40.050

Link: CVE-2010-0164

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-03-23T00:00:00", "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace animation in which the frames have different bits-per-pixel (bpp) values."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "38921", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/38921"}, {"name": "38918", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/38918"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-047"}, {"name": "MDVSA-2010:070", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=547143"}, {"name": "ADV-2010-0692", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0692"}, {"name": "oval:org.mitre.oval:def:8703", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8703"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-09.html"}, {"name": "20100402 ZDI-10-047: Mozilla Firefox libpr0n imgContainer Bits-Per-Pixel Change Remote Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/510535/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0164", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace animation in which the frames have different bits-per-pixel (bpp) values."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "38921", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38921"}, {"name": "38918", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38918"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-047", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-047"}, {"name": "MDVSA-2010:070", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=547143", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=547143"}, {"name": "ADV-2010-0692", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0692"}, {"name": "oval:org.mitre.oval:def:8703", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8703"}, {"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-09.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-09.html"}, {"name": "20100402 ZDI-10-047: Mozilla Firefox libpr0n imgContainer Bits-Per-Pixel Change Remote Code Execution Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/510535/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:37:54.195Z"}, "title": "CVE Program Container", "references": [{"name": "38921", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/38921"}, {"name": "38918", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/38918"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-047"}, {"name": "MDVSA-2010:070", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=547143"}, {"name": "ADV-2010-0692", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0692"}, {"name": "oval:org.mitre.oval:def:8703", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8703"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-09.html"}, {"name": "20100402 ZDI-10-047: Mozilla Firefox libpr0n imgContainer Bits-Per-Pixel Change Remote Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/510535/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0164", "datePublished": "2010-03-25T20:31:00", "dateReserved": "2010-01-06T00:00:00", "dateUpdated": "2024-08-07T00:37:54.195Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "F3782354-7EB7-49D2-B240-1871F6CB84C7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace animation in which the frames have different bits-per-pixel (bpp) values."}, {"lang": "es", "value": "Vulnerabilidad uso despu\u00e9s de la liberaci\u00f3n (use-after-free) en la funci\u00f3n imgContainer::InternalAddFrameHelper en src/imgContainer.cpp en libpr0n en Mozilla Firefox v3.6 anterior a v3.6.2 permite a atacantes remotos producir una denegaci\u00f3n de servicio (corrupci\u00f3n de la memoria de la pila y ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecuci\u00f3n arbitraria de c\u00f3digo a trav\u00e9s de una animaci\u00f3n multipart/x-mixed-replace en el que los frames tienen valores diferentes de bit por pixel (bpp)."}], "id": "CVE-2010-0164", "lastModified": "2024-11-21T01:11:40.050", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-03-25T21:00:00.297", "references": [{"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-09.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/510535/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/38918"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/38921"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/0692"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-047"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=547143"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8703"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-09.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/510535/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/38918"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/38921"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0692"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-047"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=547143"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8703"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}