Lucene search
RegenrechtZDI-10-131HistoryJul 20, 2010 - 12:00 a.m.
Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability
2010-07-2000:00:00
regenrecht
www.zerodayinitiative.com
37
0.132 Low
EPSS
Percentile
95.6%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of XUL element’s “selection” attribute. There is an integer overflow when calculating the bounds of a new selection range. When calling adjustSelection on this manged range both ranges are deleted leaving a dangling reference. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
Related
nessus
nessus
Mozilla Thunderbird < 3.1.3 Multiple Vulnerabilities
2010-09-08 00:00:00
Mozilla Thunderbird 3.0.x < 3.0.7 Multiple Vulnerabilities
2010-09-08 00:00:00
SeaMonkey < 2.0.7 Multiple Vulnerabilities
2010-09-08 00:00:00
threatpost
threatpost
Mozilla Patches Firefox DLL Load Hijacking Bug
2010-09-08 14:01:59
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2010-40
2010-07-24 00:00:00
ZDI-10-131: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability
2010-07-24 00:00:00
Mozilla Foundation Security Advisory 2010-54
2010-09-10 00:00:00
prion
prion
Integer overflow
2010-07-30 20:30:00
Design/Logic Flaw
2010-09-09 19:00:00
ubuntucve
ubuntucve
CVE-2010-2753
2010-07-23 00:00:00
CVE-2010-2760
2010-09-07 00:00:00
nvd
nvd
CVE-2010-2753
2010-07-30 20:30:02
CVE-2010-2760
2010-09-09 19:00:02
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:45:43
cve
cve
CVE-2010-2753
2010-07-30 20:30:02
CVE-2010-2760
2010-09-09 19:00:02
mozilla
mozilla
Dangling pointer vulnerability in nsTreeSelection — Mozilla
2010-09-07 00:00:00
cvelist
cvelist
CVE-2010-2753
2010-07-30 20:00:00
CVE-2010-2760
2010-09-09 18:00:00
zdi
zdi
openvas
openvas
Mandriva Update for mozilla-thunderbird MDVSA-2010:169 (mozilla-thunderbird)
2010-09-07 00:00:00
RedHat Update for seamonkey RHSA-2010:0546-01
2010-07-23 00:00:00
CentOS Update for seamonkey CESA-2010:0546 centos3 i386
2010-08-20 00:00:00
oraclelinux
oraclelinux
seamonkey security update
2010-07-21 00:00:00
thunderbird security update
2010-07-21 00:00:00
firefox security update
2010-07-21 00:00:00
redhat
redhat
(RHSA-2010:0546) Critical: seamonkey security update
2010-07-20 00:00:00
(RHSA-2010:0544) Moderate: thunderbird security update
2010-07-20 00:00:00
(RHSA-2010:0545) Critical: thunderbird security update
2010-07-20 00:00:00
centos
centos
seamonkey security update
2010-08-16 21:36:58
thunderbird security update
2010-08-06 23:32:55
thunderbird security update
2010-07-22 14:50:56
ubuntu
ubuntu
Thunderbird vulnerabilities
2010-07-26 00:00:00
Firefox and Xulrunner vulnerabilities
2010-07-23 00:00:00
debian
debian
[SECURITY] [DSA 2075-1] New xulrunner packages fix several vulnerabilities
2010-07-27 19:47:37
[Backports-security-announce] Security Update for xulrunner
2010-07-21 09:30:33
[Backports-security-announce] Security Update for xulrunner
2010-07-21 09:30:16
osv
osv
xulrunner - several vulnerabilities
2010-07-27 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: thunderbird-3.1.1-1.fc13
2010-07-23 02:48:57
[SECURITY] Fedora 13 Update: sunbird-1.0-0.26.b2pre.fc13
2010-07-23 02:48:57
[SECURITY] Fedora 13 Update: seamonkey-2.0.6-1.fc13
2010-07-23 02:31:36
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-07-20 00:00:00
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey
2010-10-12 16:13:47