CVE-2010-1209 — Use After Free in Mozilla Seamonkey

CWE-399 CWE-416 — Use After Free10 documents7 sources

Severity

9.3CRITICALNVD

EPSS

2.2%

top 15.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Seamonkey Mozilla Firefox

Timeline

PublishedJul 30

Latest updateMay 2

Description

Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmozilla/seamonkey2.0.5+39

▶NVDmozilla/firefox14 versions+13

🔴Vulnerability Details

GHSA

GHSA-jmgm-4732-hpm6: Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3↗2022-05-02

▶

CVEList

CVE-2010-1209: Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3↗2010-07-30

▶

💥Exploits & PoCs

Exploit-DB

Microsoft SQL Server - Payload Execution (Metasploit)↗2010-12-21

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner vulnerability↗2010-07-26

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-07-23

▶

Ubuntu

ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update↗2010-07-23

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-07-23

▶

Red Hat

Mozilla Use-after-free error in NodeIterator↗2010-07-20

▶

💬Community

Bugzilla

CVE-2010-1209 Mozilla Use-after-free error in NodeIterator↗2010-07-16

▶