CVE-2010-0175Use After Free in Mozilla Firefox

CWE-399CWE-416Use After Free7 documents6 sources
Severity
9.3CRITICALNVD
EPSS
6.3%
top 9.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird
Timeline
PublishedApr 5
Latest updateMay 2

Description

Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

NVDmozilla/firefox3.0.17+92
NVDmozilla/seamonkey2.0.3+34
NVDmozilla/thunderbird3.0.3+60

🔴Vulnerability Details

2
GHSA
GHSA-f74m-jmww-q4m2: Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 32022-05-02
CVEList
CVE-2010-0175: Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 32010-04-05

📋Vendor Advisories

3
Ubuntu
Firefox 3.0 and Xulrunner vulnerabilities2010-04-09
Ubuntu
Firefox 3.5 and Xulrunner vulnerabilities2010-04-09
Red Hat
Mozilla remote code execution with use-after-free in nsTreeSelection2010-03-30

💬Community

1
Bugzilla
CVE-2010-0175 Mozilla remote code execution with use-after-free in nsTreeSelection2010-03-30
CVE-2010-0175 — Use After Free in Mozilla Firefox | cvebase