CVE-2010-1208

high

Description

Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=572986

http://www.zerodayinitiative.com/advisories/ZDI-10-134/

http://www.mozilla.org/security/announce/2010/mfsa2010-35.html

Details

Source: Mitre, NVD

Published: 2010-07-30

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01487