CVE-2010-3167

Firefox < 3.5.12 and 3.6.x < 3.6.9 - Remote Code Execution via XUL Tree Node Removal

Title source: llm
STIX 2.1

Description

The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a "dangling pointer vulnerability."

References (16)

Core 16
Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html
Vendor Advisory x_refsource_confirm
http://support.avaya.com/css/P8/documents/100110210
Vendor Advisory x_refsource_confirm
http://support.avaya.com/css/P8/documents/100112690
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42867
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-171/
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0061
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/61661
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/43097
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:173
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2323
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=576070
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2010/dsa-2106
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12136

Scores

EPSS 0.0653
EPSS Percentile 93.0%

Details

CWE
CWE-119 CWE-399
Status published
Products (47)
mozilla/firefox 3.6
mozilla/firefox 3.6.2
mozilla/firefox 3.6.3
mozilla/firefox 3.6.4
mozilla/firefox 3.6.6
mozilla/firefox 3.6.7
mozilla/firefox 3.6.8
mozilla/firefox 1.0 (2 CPE variants)
mozilla/firefox 1.0.1
mozilla/firefox 1.0.2
... and 37 more
Published Sep 09, 2010
Tracked Since Feb 18, 2026