Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2010-1121
HistoryMar 25, 2010 - 12:00 a.m.

CVE-2010-1121

2010-03-2500:00:00
ubuntu.com
ubuntu.com
16

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.239

Percentile

96.6%

JSON

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of
DOM nodes that are moved from one document to another, which allows remote
attackers to conduct use-after-free attacks and execute arbitrary code via
unspecified vectors involving improper interaction with garbage collection,
as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.

Notes

Author Note
jdstrand CVEs in Firefox are tracked in the xulrunner source packages. The mapping of xulrunner sources to firefox is: xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS xulrunner-1.9: firefox-3.0 xulrunner-1.9.1: firefox-3.5 Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not the system xulrunner-1.9.2, so it is tracked in the firefox source package.
mdeslaur although done on Win7, may not be windows-specific
jdstrand thunderbird 2 not affected
OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchfirefox< 3.6.6+nobinonly-0ubuntu0.10.04.1UNKNOWN
ubuntu10.04noarchthunderbird< 3.0.5+build2+nobinonly-0ubuntu0.10.04.1UNKNOWN
ubuntu8.04noarchxulrunner-1.9.2< 1.9.2.6+nobinonly-0ubuntu0.8.04.1UNKNOWN
ubuntu9.04noarchxulrunner-1.9.2< 1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2UNKNOWN
ubuntu9.10noarchxulrunner-1.9.2< 1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2UNKNOWN
ubuntu10.04noarchxulrunner-1.9.2< 1.9.2.6+nobinonly-0ubuntu0.10.04.1UNKNOWN

Related

freebsd 2
securityvulns 3
nvd 1
cve 1
zdi 1
openvas 55
fedora 13
cvelist 1
nessus 37
seebug 1
veracode 1
prion 1
mozilla 1
ubuntu 7
suse 2
oraclelinux 2
centos 2
redhat 2
gentoo 1
freebsd
freebsd
firefox -- Re-use of freed object due to scope confusion
2010-04-01 00:00:00
mozilla -- multiple vulnerabilities
2010-06-22 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2010-25
2010-04-06 00:00:00
ZDI-10-063: Mozilla Firefox Cross Document DOM Node Moving Code Execution Vulnerability
2010-04-06 00:00:00
Многочисленные уязвимости в Mozilla Firefox / Seamonkey multiple security vulnerabilities
2013-08-20 00:00:00
nvd
nvd
CVE-2010-1121
2010-03-25 21:00:01
cve
cve
CVE-2010-1121
2010-03-25 21:00:01
zdi
zdi
Mozilla Firefox Cross Document DOM Node Moving Remote Code Execution Vulnerability
2010-04-05 00:00:00
openvas
openvas
FreeBSD Ports: firefox
2010-04-21 00:00:00
FreeBSD Ports: firefox
2010-04-21 00:00:00
Mandriva Update for mozilla-thunderbird MDVSA-2010:126 (mozilla-thunderbird)
2010-06-25 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: xulrunner-1.9.2.3-1.fc13
2010-04-09 04:02:59
[SECURITY] Fedora 13 Update: firefox-3.6.3-1.fc13
2010-04-09 04:02:59
[SECURITY] Fedora 12 Update: firefox-3.5.10-1.fc12
2010-06-24 16:26:47
cvelist
cvelist
CVE-2010-1121
2010-03-25 20:31:00
nessus
nessus
Fedora 13 : firefox-3.6.3-1.fc13 / xulrunner-1.9.2.3-1.fc13 (2010-6204)
2010-07-01 00:00:00
Firefox 3.6 < 3.6.3 Remote Code Execution
2010-04-02 00:00:00
FreeBSD : firefox -- Re-use of freed object due to scope confusion (ec8f449f-40ed-11df-9edc-000f20797ede)
2010-04-09 00:00:00
seebug
seebug
Mozilla Firefox 3.6浏览器DOM节点移动释放后使用漏洞
2010-04-08 00:00:00
veracode
veracode
Use-after-free
2020-04-10 00:43:44
prion
prion
Design/Logic Flaw
2010-03-25 21:00:00
mozilla
mozilla
Re-use of freed object due to scope confusion — Mozilla
2010-04-01 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2010-07-06 00:00:00
Firefox and Xulrunner vulnerabilities
2010-06-29 00:00:00
Firefox regression
2010-06-30 00:00:00
suse
suse
remote code execution in MozillaFirefox,mozilla-xulrunner191
2010-07-09 14:53:59
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
oraclelinux
oraclelinux
firefox security, bug fix, and enhancement update
2010-06-23 00:00:00
firefox security, bug fix, and enhancement update
2010-06-23 00:00:00
centos
centos
firefox security update
2010-08-06 23:15:15
devhelp, esc, firefox, gnome, totem, xulrunner, yelp security update
2010-06-24 16:14:16
redhat
redhat
(RHSA-2010:0501) Critical: firefox security, bug fix, and enhancement update
2010-06-22 00:00:00
(RHSA-2010:0500) Critical: firefox security, bug fix, and enhancement update
2010-06-22 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.239

Percentile

96.6%

JSON
Related for UB:CVE-2010-1121
freebsd2securityvulns3nvd1cve1zdi1openvas55fedora13cvelist1nessus37seebug1veracode1prion1mozilla1ubuntu7suse2oraclelinux2centos2redhat2gentoo1