CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
94.4%
Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback.
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | firefox | 3.5.1 | cpe:/a:mozilla:firefox:3.5.1::: |
mozilla | firefox | 3.5.6 | cpe:/a:mozilla:firefox:3.5.6::: |
mozilla | firefox | 3.6.3 | cpe:/a:mozilla:firefox:3.6.3::: |
mozilla | firefox | 3.5.9 | cpe:/a:mozilla:firefox:3.5.9::: |
mozilla | firefox | 3.5.7 | cpe:/a:mozilla:firefox:3.5.7::: |
mozilla | firefox | 3.5.5 | cpe:/a:mozilla:firefox:3.5.5::: |
mozilla | firefox | 3.6.4 | cpe:/a:mozilla:firefox:3.6.4::: |
mozilla | firefox | 3.6.6 | cpe:/a:mozilla:firefox:3.6.6::: |
mozilla | firefox | 3.6.1 | cpe:/a:mozilla:firefox:3.6.1::: |
mozilla | firefox | 3.5.4 | cpe:/a:mozilla:firefox:3.5.4::: |