CVE-2010-2767 — Mozilla Firefox vulnerability

CWE-3999 documents6 sources

Severity

9.3CRITICALNVD

EPSS

4.8%

top 10.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedSep 9

Latest updateMay 17

Description

The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox3.5.11+87

▶NVDmozilla/seamonkey2.0.6+40

▶NVDmozilla/thunderbird3.0.6+67

🔴Vulnerability Details

GHSA

GHSA-322h-cqgv-7v8g: The navigator↗2022-05-17

▶

CVEList

CVE-2010-2767: The navigator↗2010-09-09

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner regression↗2010-09-16

▶

Ubuntu

Thunderbird regression↗2010-09-16

▶

Ubuntu

Thunderbird vulnerabilities↗2010-09-08

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-09-08

▶

Red Hat

Mozilla Dangling pointer vulnerability using DOM plugin array (MFSA 2010-51)↗2010-09-07

▶

💬Community

Bugzilla

CVE-2010-2767 Mozilla Dangling pointer vulnerability using DOM plugin array (MFSA 2010-51)↗2010-09-03

▶