Vulnerability CVE-2010-2120

Vulnerability Name:

CVE-2010-2120 (CCN-59089)

Assigned:

2010-05-28

Published:

2010-05-28

Updated:

2018-10-10

Summary:

Google Chrome 1.0.154.48 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-399

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: BugTraq Mailing List, Fri May 28 2010 - 07:57:48 CDT
[Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera

Source: MITRE
Type: CNA
CVE-2010-2120

Source: MISC
Type: Exploit
http://websecurity.com.ua/4238/

Source: CCN
Type: Google Chrome Web site
Google Chrome

Source: CCN
Type: OSVDB ID: 65112
Google Chrome Invalid news URI IFRAME Element Handling Remote DoS

Source: BUGTRAQ
Type: UNKNOWN
20100528 [Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera

Source: XF
Type: UNKNOWN
chrome-news-dos(59089)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11966

Vulnerable Configuration:

Configuration 1:

cpe:/a:google:chrome:1.0.154.48:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:google:chrome:1.0.154.48:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:11966	V	Denial of service in Google Chrome 1.0.154.48 via JavaScript code containing an infinite loop	2013-08-12

BACK