CVE-2010-0177 — Use After Free in Mozilla Firefox

CWE-39910 documents6 sources

Severity

9.3CRITICALNVD

EPSS

6.3%

top 9.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedApr 5

Latest updateMay 2

Description

Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a "dangling pointer vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmozilla/firefox3.0.17+93

▶NVDmozilla/seamonkey2.0.3+34

🔴Vulnerability Details

GHSA

GHSA-g4x4-8fj2-6pwg: Mozilla Firefox before 3↗2022-05-02

▶

CVEList

CVE-2010-0177: Mozilla Firefox before 3↗2010-04-05

▶

📋Vendor Advisories

Ubuntu

Firefox 3.0 and Xulrunner vulnerabilities↗2010-04-09

▶

Ubuntu

Firefox 3.5 and Xulrunner vulnerabilities↗2010-04-09

▶

Red Hat

Mozilla Dangling pointer vulnerability in nsPluginArray↗2010-03-30

▶

💬Community

Bugzilla

CVE-2010-1814 webkit: memory corruption flaw when handling form menus↗2010-09-08

▶

Bugzilla

CVE-2010-1815 webkit: use-after-free flaw when handling scrollbars↗2010-09-08

▶

Bugzilla

CVE-2010-1812 webkit: use-after-free flaw in handling of selections↗2010-09-08

▶

Bugzilla

CVE-2010-0177 Mozilla Dangling pointer vulnerability in nsPluginArray↗2010-03-30

▶