CVE-2010-0175

Firefox < 3.0.19 and 3.5.x < 3.5.9 - Use-After-Free in nsTreeSelection

Title source: llm
STIX 2.1

Description

Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items.

References (34)

Core 34
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=375928
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39397
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0333.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39308
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39136
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0781
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038406.html
Various Sources vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-921-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023782
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0764
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-050
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7546
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023780
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/57390
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0765
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:070
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/510542/100/0/threaded
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9834
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38566
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39117
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39243
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0748
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0849
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0790
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39242
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2010/dsa-2027
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0332.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39240
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39204
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=540100

Scores

EPSS 0.0705
EPSS Percentile 93.5%

Details

CWE
CWE-399
Status published
Products (46)
mozilla/firefox 0.1
mozilla/firefox 0.2
mozilla/firefox 0.3
mozilla/firefox 0.4
mozilla/firefox 0.5
mozilla/firefox 0.6
mozilla/firefox 0.6.1
mozilla/firefox 0.7
mozilla/firefox 0.7.1
mozilla/firefox 0.8
... and 36 more
Published Apr 05, 2010
Tracked Since Feb 18, 2026