CVE-2010-3180 — Use After Free in Mozilla Firefox

CWE-399 CWE-416 — Use After Free7 documents6 sources

Severity

9.3CRITICALNVD

EPSS

5.4%

top 9.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedOct 21

Latest updateMay 17

Description

Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox3.5.13+91

▶NVDmozilla/seamonkey2.0.8+41

▶NVDmozilla/thunderbird3.0.8+71

🔴Vulnerability Details

GHSA

GHSA-hw9x-26r4-cfw7: Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3↗2022-05-17

▶

CVEList

CVE-2010-3180: Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3↗2010-10-21

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2010-10-20

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-10-20

▶

Red Hat

Mozilla use-after-free error in nsBarProp↗2010-10-19

▶

💬Community

Bugzilla

CVE-2010-3180 Mozilla use-after-free error in nsBarProp↗2010-10-12

▶