CVE-2010-1208

high

Description

Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=572986

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11740

http://www.mozilla.org/security/announce/2010/mfsa2010-35.html

http://www.zerodayinitiative.com/advisories/ZDI-10-134/

Details

Published: 2010-07-30

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High