CVE-2010-1208

HIGH

Description

Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.

References

http://www.mozilla.org/security/announce/2010/mfsa2010-35.html

http://www.securityfocus.com/archive/1/512515

http://www.securityfocus.com/bid/41849

http://www.zerodayinitiative.com/advisories/ZDI-10-134/

https://bugzilla.mozilla.org/show_bug.cgi?id=572986

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11740

Details

Source: MITRE

Published: 2010-07-30

Updated: 2017-09-19

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH