CVE-2010-3766 — Use After Free in Mozilla Firefox

CWE-399 CWE-416 — Use After Free6 documents6 sources

Severity

9.3CRITICALNVD

EPSS

7.1%

top 8.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedDec 10

Latest updateMay 17

Description

Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to an nsDOMAttribute node.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmozilla/firefox3.5.15+95

▶NVDmozilla/seamonkey44 versions+43

🔴Vulnerability Details

GHSA

GHSA-cj8f-6h68-j44p: Use-after-free vulnerability in Mozilla Firefox before 3↗2022-05-17

▶

CVEList

CVE-2010-3766: Use-after-free vulnerability in Mozilla Firefox before 3↗2010-12-10

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-12-09

▶

Red Hat

Mozilla use-after-free error with nsDOMAttribute MutationObserver (MFSA 2010-80)↗2010-12-09

▶

💬Community

Bugzilla

CVE-2010-3766 Mozilla use-after-free error with nsDOMAttribute MutationObserver (MFSA 2010-80)↗2010-12-06

▶