Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0220 to the following vulnerability: The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array. Upstream bug report: [1] https://bugzilla.mozilla.org/show_bug.cgi?id=507114 Upstream patches: [2] https://bugzilla.mozilla.org/show_bug.cgi?id=507114#c21 References: [3] http://www.mozilla.com/en-US/firefox/3.5.7/releasenotes/ [4] http://isc.sans.org/diary.html?storyid=7897 [5] https://bugzilla.mozilla.org/show_bug.cgi?id=507114 [6] http://www.mandriva.com/security/advisories?name=MDVSA-2010:000 [7] http://hg.mozilla.org/mozilla-central/rev/51396f6c9f20