Lucene search
Nils of MWR InfoSecurity (http://twitter.com/MWRlabs)ZDI-10-063HistoryApr 05, 2010 - 12:00 a.m.
Mozilla Firefox Cross Document DOM Node Moving Remote Code Execution Vulnerability
2010-04-0500:00:00
Nils of MWR InfoSecurity (http://twitter.com/MWRlabs)
www.zerodayinitiative.com
30
EPSS
0.239
Percentile
96.6%
This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when moving DOM nodes in between documents with a specific timing while triggering garbage collection. If timed correctly Firefox will incorrectly reference a previously freed object which can be leveraged by an attacker to execute arbitrary code under the context of the current user.
Related
openvas
openvas
FreeBSD Ports: firefox
2010-04-21 00:00:00
FreeBSD Ports: firefox
2010-04-21 00:00:00
Mandriva Update for mozilla-thunderbird MDVSA-2010:126 (mozilla-thunderbird)
2010-06-25 00:00:00
cvelist
cvelist
CVE-2010-1121
2010-03-25 20:31:00
nessus
nessus
Fedora 13 : firefox-3.6.3-1.fc13 / xulrunner-1.9.2.3-1.fc13 (2010-6204)
2010-07-01 00:00:00
Firefox 3.6 < 3.6.3 Remote Code Execution
2010-04-02 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: firefox-3.6.3-1.fc13
2010-04-09 04:02:59
[SECURITY] Fedora 13 Update: xulrunner-1.9.2.3-1.fc13
2010-04-09 04:02:59
[SECURITY] Fedora 12 Update: galeon-2.0.7-23.fc12
2010-06-24 16:26:47
freebsd
freebsd
firefox -- Re-use of freed object due to scope confusion
2010-04-01 00:00:00
mozilla -- multiple vulnerabilities
2010-06-22 00:00:00
ubuntucve
ubuntucve
CVE-2010-1121
2010-03-25 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2010-25
2010-04-06 00:00:00
nvd
nvd
CVE-2010-1121
2010-03-25 21:00:01
cve
cve
CVE-2010-1121
2010-03-25 21:00:01
seebug
seebug
Mozilla Firefox 3.6浏览器DOM节点移动释放后使用漏洞
2010-04-08 00:00:00
veracode
veracode
Use-after-free
2020-04-10 00:43:44
prion
prion
Design/Logic Flaw
2010-03-25 21:00:00
mozilla
mozilla
Re-use of freed object due to scope confusion — Mozilla
2010-04-01 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2010-07-06 00:00:00
Firefox and Xulrunner vulnerabilities
2010-06-29 00:00:00
Firefox regression
2010-06-30 00:00:00
suse
suse
remote code execution in MozillaFirefox,mozilla-xulrunner191
2010-07-09 14:53:59
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
oraclelinux
oraclelinux
firefox security, bug fix, and enhancement update
2010-06-23 00:00:00
firefox security, bug fix, and enhancement update
2010-06-23 00:00:00
centos
centos
firefox security update
2010-08-06 23:15:15
devhelp, esc, firefox, gnome, totem, xulrunner, yelp security update
2010-06-24 16:14:16
redhat
redhat
(RHSA-2010:0500) Critical: firefox security, bug fix, and enhancement update
2010-06-22 00:00:00
(RHSA-2010:0501) Critical: firefox security, bug fix, and enhancement update
2010-06-22 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00