Unrated severityNVD Advisory· Published May 20, 2010· Updated Jun 16, 2026
CVE-2010-1987
CVE-2010-1987
Description
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring operations, related to the DoubleWideCharMappedString class in USP10.dll and the gfxWindowsFontGroup::GetUnderlineOffset function in xul.dll, a different vulnerability than CVE-2009-1571.
Affected products
2cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*
- (no CPE)range: =3.6.3
Patches
Vulnerability mechanics
References
6- www.x90c.org/advisories/firefox_3.6.3_crash_advisory.txtnvdExploit
- osvdb.org/64790nvd
- www.exploit-db.com/exploits/12678nvd
- www.securityfocus.com/archive/1/511329/100/0/threadednvd
- exchange.xforce.ibmcloud.com/vulnerabilities/58762nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12013nvd
News mentions
0No linked articles in our index yet.