CVE-2010-1208
HIGHMozilla Firefox <3.5.11 & SeaMonkey <2.0.6 - Use After Free
Title source: llmDescription
Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.
References (6)
Core 6
Core References
Broken Link vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11740
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-134/
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/41849
Issue Tracking, Patch x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=572986
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2010/mfsa2010-35.html
Broken Link, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/512515
Scores
CVSS v3
8.8
EPSS
0.0515
EPSS Percentile
91.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (2)
mozilla/firefox
3.5 - 3.5.11
mozilla/seamonkey
< 2.0.6
Published
Jul 30, 2010
Tracked Since
Feb 18, 2026