Home

CVE-2010-1212

Description

js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) propagation of deep aborts in the TraceRecorder::record_JSOP_BINDNAME function, (2) depth handling in the TraceRecorder::record_JSOP_GETELEM function, and (3) tracing of out-of-range arguments in the TraceRecorder::record_JSOP_ARGSUB function.

Risk Information

Base Score
9.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.028

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Mozilla Firefox (x64) 3.6.6Windows
Multiple vulnerabilities affected in Mozilla Thunderbird 3.1Windows
Multiple vulnerabilities affected in Mozilla_Firefox 3.6.6Windows
Multiple Vulnerabilities are affected in Mozilla Thunderbird 3.1Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 3.6.2Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 3.6.3Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 3.6.4Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 3.6.6Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 3.6.2Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 3.6.3Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 3.6.4Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 3.6.6Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-343016Mozilla Firefox (x64) (132.0.2)
PATCH-315938Mozilla Thunderbird (68.12.0)
PATCH-343015Mozilla Firefox (132.0.2)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234