ID CVE-2010-1990
Summary Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:3.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 10-10-2018 - 19:58)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
oval via4
accepted 2014-10-06T04:00:39.509-04:00
class vulnerability
contributors
  • name SecPod Team
    organization SecPod Technologies
  • name Bhavya K
    organization SecPod Technologies
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
definition_extensions
  • comment Mozilla Firefox Mainline release is installed
    oval oval:org.mitre.oval:def:22259
  • comment Mozilla Seamonkey is installed
    oval oval:org.mitre.oval:def:6372
description Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.
family windows
id oval:org.mitre.oval:def:12386
status accepted
submitted 2011-05-03T09:09:57-05:00
title Denial of service vulnerability in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9 and 3.6.x before 3.6.2 and SeaMonkey less than 2.0.4 through IFRAME javascript element
version 31
refmap via4
bugtraq 20100518 DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers
misc http://websecurity.com.ua/4206/
Last major update 10-10-2018 - 19:58
Published 20-05-2010 - 17:30
Back to Top