Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.
References
Link | Resource |
---|---|
http://www.mozilla.org/security/announce/2010/mfsa2010-35.html | Vendor Advisory |
http://www.securityfocus.com/archive/1/512515 | Broken Link Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/41849 | Broken Link Third Party Advisory VDB Entry |
http://www.zerodayinitiative.com/advisories/ZDI-10-134/ | Third Party Advisory VDB Entry |
https://bugzilla.mozilla.org/show_bug.cgi?id=572986 | Issue Tracking Patch |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11740 | Broken Link |
Configurations
History
02 Feb 2024, 16:10
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.6.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:2.0a1pre:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:* |
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
CWE | CWE-416 | |
CVSS |
v2 : v3 : |
v2 : 9.3
v3 : 8.8 |
References | (MISC) http://www.zerodayinitiative.com/advisories/ZDI-10-134/ - Third Party Advisory, VDB Entry | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/512515 - Broken Link, Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://bugzilla.mozilla.org/show_bug.cgi?id=572986 - Issue Tracking, Patch | |
References | (BID) http://www.securityfocus.com/bid/41849 - Broken Link, Third Party Advisory, VDB Entry | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11740 - Broken Link |
Information
Published : 2010-07-30 20:30
Updated : 2024-02-28 11:41
NVD link : CVE-2010-1208
Mitre link : CVE-2010-1208
CVE.ORG link : CVE-2010-1208
JSON object : View
Products Affected
mozilla
- firefox
- seamonkey
CWE
CWE-416
Use After Free