CVE-2010-1121

HIGH

Description

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.

References

http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html

http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html

http://news.cnet.com/8301-27080_3-20001126-245.html

http://secunia.com/advisories/40323

http://secunia.com/advisories/40326

http://secunia.com/advisories/40401

http://secunia.com/advisories/40481

http://support.avaya.com/css/P8/documents/100091069

http://twitter.com/thezdi/statuses/11005277222

http://ubuntu.com/usn/usn-930-1

http://www.mozilla.org/security/announce/2010/mfsa2010-25.html

http://www.redhat.com/support/errata/RHSA-2010-0500.html

http://www.redhat.com/support/errata/RHSA-2010-0501.html

http://www.securitytracker.com/id?1023817

http://www.ubuntu.com/usn/usn-930-2

http://www.vupen.com/english/advisories/2010/1557

http://www.vupen.com/english/advisories/2010/1592

http://www.vupen.com/english/advisories/2010/1640

http://www.vupen.com/english/advisories/2010/1773

https://bugzilla.mozilla.org/show_bug.cgi?id=555109

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10924

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6844

Details

Source: MITRE

Published: 2010-03-25

Updated: 2017-09-19

Type: CWE-94

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH