Summary
The host has Mozilla Firefox or SeaMonkey installed and is prone to a denial-of-service vulnerability.
Impact
Successful exploitation will allow remote attackers to cause a denial of service.
Impact Level: Application
Solution
Upgrade to Firefox version 3.5.9 or 3.6.2:
http://www.mozilla.com/en-US/firefox/all.html
Upgrade to SeaMonkey version 2.0.4:
http://www.seamonkey-project.org/releases/
Insight
The flaw is due to improper handling of an 'IFRAME' element with a mailto: URL in its 'SRC' attribute, which allows remote attackers to exhaust resources via an HTML document with many 'IFRAME' elements.
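One way to flag documents matching this pattern at a content filter or during triage of a saved page, as an added example that is not part of the original advisory or of any Mozilla code. The names `scan_html`, `MailtoIframeCounter` and the threshold of 20 are assumptions, since the advisory only says "many" elements.

```python
from html.parser import HTMLParser

# Assumed alert threshold: the advisory only says "many" IFRAME elements.
MAILTO_IFRAME_THRESHOLD = 20


class MailtoIframeCounter(HTMLParser):
    """Counts <iframe> elements whose src attribute is a mailto: URL."""

    def __init__(self):
        super().__init__()
        self.total_iframes = 0
        self.mailto_iframes = 0

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag/attribute names and decodes character
        # references in attribute values (e.g. "mailto&#58;" -> "mailto:").
        if tag != "iframe":
            return
        self.total_iframes += 1
        # Use the first src attribute, as HTML parsers ignore duplicates.
        src = next((v for k, v in attrs if k == "src"), None) or ""
        # URL parsing ignores surrounding whitespace and embedded tab/CR/LF.
        cleaned = "".join(c for c in src.strip() if c not in "\t\r\n")
        if cleaned.lower().startswith("mailto:"):
            self.mailto_iframes += 1


def scan_html(html_text, threshold=MAILTO_IFRAME_THRESHOLD):
    """Return iframe counts and whether the document crosses the threshold."""
    counter = MailtoIframeCounter()
    counter.feed(html_text)
    counter.close()
    return {
        "iframes": counter.total_iframes,
        "mailto_iframes": counter.mailto_iframes,
        "suspicious": counter.mailto_iframes >= threshold,
    }


# Constructed sample documents (not taken from any real page).
BENIGN = ('<iframe src="https://example.com/widget"></iframe>'
          '<a href="mailto:team@example.com">contact</a>')
VARIANTS = ('<IFRAME SRC="mailto:a@example.com"></IFRAME>'
            '<iframe src=" MailTo:b@example.com"></iframe>'
            '<iframe src="mailto&#58;c@example.com"></iframe>')

if __name__ == "__main__":
    print(scan_html(BENIGN))
    print(scan_html(VARIANTS, threshold=3))
```

An ordinary `mailto:` link in an `<a>` element is not counted; only `IFRAME` sources are, which matches the condition the advisory describes.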
Affected
SeaMonkey versions prior to 2.0.4
Firefox versions 3.0.x to 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2
References
Severity
Classification
CVE: CVE-2010-1990
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- ClamAV 'cli_pdf()' and 'cli_scanicon()' Denial of Service Vulnerabilities (Win
- Compaq Web SSI DoS
- ClamAV LZH File Unpacking Denial of Service Vulnerability (Linux)
- Firefox Browser Libxul Memory Leak Remote DoS Vulnerability - Linux
- Adobe Flash Media Server XML Data Remote Denial of Service Vulnerability