The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
21 Nov 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | () http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox - | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html - | |
References | () http://secunia.com/advisories/42867 - | |
References | () http://support.avaya.com/css/P8/documents/100112690 - | |
References | () http://www.debian.org/security/2010/dsa-2106 - | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2010:173 - | |
References | () http://www.mozilla.org/security/announce/2010/mfsa2010-57.html - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/43100 - | |
References | () http://www.vupen.com/english/advisories/2010/2323 - | |
References | () http://www.vupen.com/english/advisories/2011/0061 - | |
References | () http://www.zerodayinitiative.com/advisories/ZDI-10-176/ - | |
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=580445 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11778 - |
Information
Published : 2010-09-09 19:00
Updated : 2024-11-21 01:17
NVD link : CVE-2010-2766
Mitre link : CVE-2010-2766
CVE.ORG link : CVE-2010-2766
JSON object : View
Products Affected
mozilla
- seamonkey
- thunderbird
- firefox
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')