CVE-2010-1208 — Use After Free in Mozilla Firefox

CWE-416 — Use After Free10 documents7 sources

Severity

8.8HIGHNVD

EPSS

1.6%

top 18.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedJul 30

Latest updateMay 2

Description

Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmozilla/firefox3.5 — 3.5.11+1

▶NVDmozilla/seamonkey< 2.0.6

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-vw3x-5825-83ph: Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3↗2022-05-02

▶

CVEList

CVE-2010-1208: Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3↗2010-07-30

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner vulnerability↗2010-07-26

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-07-23

▶

Ubuntu

ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update↗2010-07-23

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-07-23

▶

Red Hat

Mozilla DOM attribute cloning remote code execution vulnerability↗2010-07-20

▶

📐Framework References

CWE

Use After Free↗

▶

💬Community

Bugzilla

CVE-2010-1208 Mozilla DOM attribute cloning remote code execution vulnerability↗2010-07-16

▶