CVE-2010-2117 | Vulnerability Database | Aqua Security

Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	3.0.19 (including)	3.0.19 (including)
Firefox	Mozilla	3.5 (including)	3.5 (including)
Firefox	Mozilla	3.5.1 (including)	3.5.1 (including)
Firefox	Mozilla	3.5.2 (including)	3.5.2 (including)
Firefox	Mozilla	3.5.3 (including)	3.5.3 (including)
Firefox	Mozilla	3.5.4 (including)	3.5.4 (including)
Firefox	Mozilla	3.5.5 (including)	3.5.5 (including)
Firefox	Mozilla	3.5.6 (including)	3.5.6 (including)
Firefox	Mozilla	3.5.7 (including)	3.5.7 (including)
Firefox	Mozilla	3.5.9 (including)	3.5.9 (including)
Firefox	Mozilla	3.6 (including)	3.6 (including)

References

http://websecurity.com.ua/4238/
http://www.securityfocus.com/archive/1/511509/100/0/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11190

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-2117
CWE	https://cwe.mitre.org/data/definitions/399.html