CVE-2010-3772 — Mozilla Firefox vulnerability

CWE-1896 documents6 sources

Severity

9.3CRITICALNVD

EPSS

5.4%

top 9.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedDec 10

Latest updateMay 17

Description

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly calculate index values for certain child content in a XUL tree, which allows remote attackers to execute arbitrary code via vectors involving a DIV element within a treechildren element.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmozilla/firefox3.5.15+113

▶NVDmozilla/seamonkey2.0.10+43

🔴Vulnerability Details

GHSA

GHSA-52mv-7xvp-rg7v: Mozilla Firefox before 3↗2022-05-17

▶

CVEList

CVE-2010-3772: Mozilla Firefox before 3↗2010-12-10

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-12-09

▶

Red Hat

Mozilla crash and remote code execution using HTML tags inside a XUL tree (MFSA 2010-77)↗2010-12-09

▶

💬Community

Bugzilla

CVE-2010-3772 Mozilla crash and remote code execution using HTML tags inside a XUL tree (MFSA 2010-77)↗2010-12-06

▶