[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-3167Date: (C)2010-09-09   (M)2024-03-27


The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a "dangling pointer vulnerability."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECUNIA-42867
BID-43097
ADV-2010-2323
ADV-2011-0061
DSA-2106
FEDORA-2010-14362
MDVSA-2010:173
SUSE-SA:2010:049
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
http://support.avaya.com/css/P8/documents/100110210
http://support.avaya.com/css/P8/documents/100112690
http://www.mozilla.org/security/announce/2010/mfsa2010-56.html
http://www.zerodayinitiative.com/advisories/ZDI-10-171/
https://bugzilla.mozilla.org/show_bug.cgi?id=576070
mozilla-nstreecontentview-code-execution(61661)
oval:org.mitre.oval:def:12136

CPE    211
cpe:/a:mozilla:firefox:1.5:beta2
cpe:/a:mozilla:firefox:1.5:beta1
cpe:/a:mozilla:thunderbird:1.0
cpe:/a:mozilla:thunderbird:1.5
...
CWE    1
CWE-119
OVAL    29
oval:org.secpod.oval:def:200122
oval:org.secpod.oval:def:200170
oval:org.secpod.oval:def:200057
oval:org.secpod.oval:def:700075
...

© SecPod Technologies