CVE-2010-2760 — Use After Free in Mozilla Firefox

9 documents6 sources

Severity

9.3CRITICALNVD

CNA8.8

EPSS

4.5%

top 10.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedSep 9

Latest updateMay 17

Description

Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox3.5.11+87

▶NVDmozilla/seamonkey2.0.6+40

▶NVDmozilla/thunderbird3.0.6+67

🔴Vulnerability Details

GHSA

GHSA-vfwv-gjcf-p528: Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3↗2022-05-17

▶

CVEList

CVE-2010-2760: Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3↗2010-09-09

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner regression↗2010-09-16

▶

Ubuntu

Thunderbird regression↗2010-09-16

▶

Ubuntu

Thunderbird vulnerabilities↗2010-09-08

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-09-08

▶

Red Hat

Mozilla Dangling pointer vulnerability in nsTreeSelection (MFSA 2010-54)↗2010-09-07

▶

💬Community

Bugzilla

CVE-2010-2760 Mozilla Dangling pointer vulnerability in nsTreeSelection (MFSA 2010-54)↗2010-09-03

▶