CVE-2010-0183high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame construction process for menus.
References
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html
http://secunia.com/advisories/40326
http://secunia.com/advisories/40481
http://www.mozilla.org/security/announce/2010/mfsa2010-27.html
http://www.securityfocus.com/bid/41050
http://www.securitytracker.com/id?1024138
http://www.vupen.com/english/advisories/2010/1551
http://www.vupen.com/english/advisories/2010/1592
http://www.vupen.com/english/advisories/2010/1773
https://bugzilla.mozilla.org/show_bug.cgi?id=557174
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12586
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* versions up to 2.0.4 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 68055 | Oracle Linux 5 : firefox (ELSA-2010-0501) | Nessus | Oracle Linux Local Security Checks | critical |
| 68054 | Oracle Linux 4 : firefox (ELSA-2010-0500) | Nessus | Oracle Linux Local Security Checks | critical |
| 68053 | Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0499) | Nessus | Oracle Linux Local Security Checks | critical |
| 63402 | GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical |
| 50873 | SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 2608 / 2609) | Nessus | SuSE Local Security Checks | critical |
| 49893 | SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7083) | Nessus | SuSE Local Security Checks | critical |
| 48265 | CentOS 4 : firefox (CESA-2010:0500) | Nessus | CentOS Local Security Checks | critical |
| 47788 | CentOS 3 / 4 : seamonkey (CESA-2010:0499) | Nessus | CentOS Local Security Checks | critical |
| 47693 | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0358-2) | Nessus | SuSE Local Security Checks | critical |
| 47691 | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0358-2) | Nessus | SuSE Local Security Checks | critical |
| 47689 | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0358-2) | Nessus | SuSE Local Security Checks | critical |
| 47226 | Fedora 13 : seamonkey-2.0.5-1.fc13 (2010-10363) | Nessus | Fedora Local Security Checks | critical |
| 47225 | Fedora 13 : firefox-3.6.4-1.fc13 / galeon-2.0.7-29.fc13 / gnome-python2-extras-2.25.3-19.fc13 / etc (2010-10361) | Nessus | Fedora Local Security Checks | critical |
| 47223 | Fedora 12 : firefox-3.5.10-1.fc12 / galeon-2.0.7-23.fc12 / gnome-python2-extras-2.25.3-18.fc12 / etc (2010-10344) | Nessus | Fedora Local Security Checks | critical |
| 47222 | Fedora 12 : seamonkey-2.0.5-1.fc12 (2010-10329) | Nessus | Fedora Local Security Checks | critical |
| 47153 | Debian DSA-2064-1 : xulrunner - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 47130 | FreeBSD : mozilla -- multiple vulnerabilities (99858b7c-7ece-11df-a007-000f20797ede) | Nessus | FreeBSD Local Security Checks | critical |
| 47129 | CentOS 5 : firefox (CESA-2010:0501) | Nessus | CentOS Local Security Checks | critical |
| 800758 | Firefox < 3.5.10 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 5581 | SeaMonkey < 2.0.5 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 5579 | Mozilla Firefox < 3.5.10 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 47126 | SeaMonkey < 2.0.5 Multiple Vulnerabilities | Nessus | Windows | high |
| 47123 | Firefox < 3.5.10 Multiple Vulnerabilities | Nessus | Windows | high |
| 47119 | RHEL 5 : firefox (RHSA-2010:0501) | Nessus | Red Hat Local Security Checks | critical |
| 47118 | RHEL 4 : firefox (RHSA-2010:0500) | Nessus | Red Hat Local Security Checks | critical |
| 47117 | RHEL 3 / 4 : seamonkey (RHSA-2010:0499) | Nessus | Red Hat Local Security Checks | critical |