CVE-2010-0220

The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array.

Date published: 2010-01-07

http://hg.mozilla.org/mozilla-central/rev/51396f6c9f20

http://www.mozilla.com/en-US/firefox/3.5.7/releasenotes/