CVE-2010-1208

HIGH

Mozilla Firefox <3.5.11 & SeaMonkey <2.0.6 - Use After Free

Title source: llm
STIX 2.1

Description

Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-134/
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/41849
Issue Tracking, Patch x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=572986
Broken Link, Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/512515

Scores

CVSS v3 8.8
EPSS 0.0515
EPSS Percentile 91.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (2)
mozilla/firefox 3.5 - 3.5.11
mozilla/seamonkey < 2.0.6
Published Jul 30, 2010
Tracked Since Feb 18, 2026