CVE-2010-2117

Publication date 1 June 2010

Last updated 24 July 2024

Ubuntu priority

Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
firefox	10.04 LTS lucid	Ignored
	9.10 karmic	Not in release
	9.04 jaunty	Not in release
	8.04 LTS hardy	Ignored end of life
	6.06 LTS dapper	Ignored end of life
xulrunner	10.04 LTS lucid	Not in release
	9.10 karmic	Ignored
	9.04 jaunty	Ignored
	8.04 LTS hardy	Ignored
	6.06 LTS dapper	Not in release
xulrunner-1.9	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	9.04 jaunty	Ignored
	8.04 LTS hardy	Ignored
	6.06 LTS dapper	Not in release
xulrunner-1.9.1	10.04 LTS lucid	Not in release
	9.10 karmic	Ignored
	9.04 jaunty	Ignored
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
xulrunner-1.9.2	10.04 LTS lucid	Ignored
	9.10 karmic	Ignored end of life, was needs-triage
	9.04 jaunty	Ignored end of life, was needs-triage
	8.04 LTS hardy	Ignored
	6.06 LTS dapper	Not in release

Notes

jdstrand

CVEs in Firefox are tracked in the xulrunner source packages. The mapping of xulrunner sources to firefox is: xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS xulrunner-1.9: firefox-3.0 xulrunner-1.9.1: firefox-3.5 Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not the system xulrunner-1.9.2, so it is tracked in the firefox source package. ignoring until upstream fixes this since a malicious website can achieve the same 'exploit' via other means

References

Other references

https://www.cve.org/CVERecord?id=CVE-2010-2117