CNNVD-202512-335 Information
Dec 03, 2025
cve
CNNVD ID
CNNVD-202512-335
Related CVE
- CNNVD Published: 2025-12-03
Description (Chinese)
Mozilla Rhino是美国Mozilla公司的一个开源的JavaScript引擎。 Mozilla Rhino 1.8.1版本、1.7.15.1版本和1.7.14.1版本之前版本存在资源管理错误漏洞,该漏洞源于toFixed函数处理浮点数不当,可能导致拒绝服务攻击。
Description (English)
Mozilla Rhino is an open-source JavaScript engine of Mozilla, United States. The previous versions of Mozilla Rhino 1.8.1, 1.7.15.1 and 1.7.14.1 had a resource management error gap, which stemmed from the inappropriate treatment of floating points by the toFixed function, which could lead to a denial of service attack.
Hazard Level
High
Vulnerability Type
资源管理错误
Affected Vendor
Mozilla
Published
2025-12-03
Last Modified
2026-02-24
References
https://github.com/mozilla/rhino/security/advisories/GHSA-3w8q-xq97-5j7x
Patch
https://github.com/mozilla/rhino/releases
Share on: