Oval Definition:oval:org.mitre.oval:def:12013
Revision Date:2014-10-06
Version:26
Title:Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring operations, related to the DoubleWideCharMappedString class in USP10.dll and the gfxWindowsFontGroup::GetUnderlineOffset function in xul.dll, a different vulnerability than CVE-2009-1571.
Description:Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring operations, related to the DoubleWideCharMappedString class in USP10.dll and the gfxWindowsFontGroup::GetUnderlineOffset function in xul.dll, a different vulnerability than CVE-2009-1571.
Family:windows
Class:vulnerability
Status:ACCEPTED
Reference(s):CVE-2010-1987
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Mozilla Firefox
Definition Synopsis
  • Mozilla Firefox Mainline release is installed
  • AND Check if registry key that contains path to firefox.exe exists
  • AND Check version of Firefox.exe and version of Firefox in registry
  • Check if Firefox.exe product version is less than or equal to 3.6.8
  • OR Check for vulnerable version
  • Mozilla Firefox Mainline version is less than or equal to 3.6.8