← Volver a CVEs
CVE-2010-1208
HIGH8.8
Descripcion
Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.
Detalles CVE
Puntuacion CVSS v3.18.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado7/30/2010
Ultima modificacion4/29/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
mozilla:firefoxmozilla:seamonkey
Debilidades (CWE)
CWE-416
Referencias
http://www.securityfocus.com/archive/1/512515(cve@mitre.org)
http://www.securityfocus.com/bid/41849(cve@mitre.org)
http://www.zerodayinitiative.com/advisories/ZDI-10-134/(cve@mitre.org)
https://bugzilla.mozilla.org/show_bug.cgi?id=572986(cve@mitre.org)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11740(cve@mitre.org)
http://www.mozilla.org/security/announce/2010/mfsa2010-35.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/512515(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/41849(af854a3a-2127-422b-91ae-364da2661108)
http://www.zerodayinitiative.com/advisories/ZDI-10-134/(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=572986(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11740(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.