Lucene search

K

Mozilla FoundationMFSA2010-19

HistoryMar 30, 2010 - 12:00 a.m.

Dangling pointer vulnerability in nsPluginArray — Mozilla

2010-03-3000:00:00

Mozilla Foundation

www.mozilla.org

26

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.43

Percentile

97.4%

Security researcher regenrecht reported via TippingPoint’s Zero Day Initiative an error in the implementation of the window.navigator.plugins object. When a page reloads, the plugins array would reallocate all of its members without checking for existing references to each member. This could result in the deletion of objects for which valid pointers still exist. An attacker could use this vulnerability to crash a victim’s browser and run arbitrary code on the victim’s machine.

Affected configurations

Vulners

Node

mozillafirefoxRange<3.0.19

OR

mozillafirefoxRange<3.5.9

OR

mozillafirefoxRange<3.6.2

OR

mozillaseamonkeyRange<2.0.4

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0177

bugzilla.mozilla.org/show_bug.cgi?id=538310

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.43

Percentile

97.4%

Related for MFSA2010-19

seebug1 zdi1 cvelist1 prion1 ubuntucve1 nvd1 securityvulns5 cve1 veracode1 openvas93 redhat4 oraclelinux3 centos4 nessus46 debian3 osv1 ubuntu2 fedora28 freebsd1 suse1