CVE-2010-0183 — Use After Free in Mozilla Seamonkey

CWE-399 CWE-416 — Use After Free7 documents6 sources

Severity

9.3CRITICALNVD

EPSS

5.2%

top 10.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Seamonkey Mozilla Firefox

Timeline

PublishedJun 24

Latest updateMay 2

Description

Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame construction process for menus.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmozilla/seamonkey2.0.4+34

▶NVDmozilla/firefox9 versions+8

🔴Vulnerability Details

GHSA

GHSA-jqfj-5p8v-wpjh: Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3↗2022-05-02

▶

CVEList

CVE-2010-0183: Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3↗2010-06-23

▶

💥Exploits & PoCs

Exploit-DB

Free Download Manager 2.5 Build 758 - Remote Control Server Buffer Overflow (Metasploit)↗2010-07-13

▶

📋Vendor Advisories

Red Hat

nsCycleCollector:: MarkRoots()↗2010-06-22

▶

💬Community

Bugzilla

CVE-2010-4253 OpenOffice.org: heap based buffer overflow in PPT import↗2010-11-29

▶

Bugzilla

CVE-2010-0183 Mozilla Use-after-free error in nsCycleCollector::MarkRoots()↗2010-05-10

▶