CVE-2010-0176 — Improper Update of Reference Count in Mozilla Firefox

CWE-399 CWE-911 — Improper Update of Reference Count8 documents7 sources

Severity

9.3CRITICALNVD

EPSS

5.4%

top 9.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedApr 5

Latest updateMay 2

Description

Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox3.5.7+93

▶NVDmozilla/seamonkey2.0.3+34

▶NVDmozilla/thunderbird3.0.3+60

🔴Vulnerability Details

GHSA

GHSA-wcmh-4pfq-jg4p: Mozilla Firefox before 3↗2022-05-02

▶

CVEList

CVE-2010-0176: Mozilla Firefox before 3↗2010-04-05

▶

📋Vendor Advisories

Ubuntu

Firefox 3.0 and Xulrunner vulnerabilities↗2010-04-09

▶

Ubuntu

Firefox 3.5 and Xulrunner vulnerabilities↗2010-04-09

▶

Red Hat

Mozilla Dangling pointer vulnerability in nsTreeContentView↗2010-03-30

▶

📐Framework References

CWE

Improper Update of Reference Count↗

▶

💬Community

Bugzilla

CVE-2010-0176 Mozilla Dangling pointer vulnerability in nsTreeContentView↗2010-03-30

▶