← Voltar para CVEs
CVE-2010-1208
HIGH8.8
Descricao
Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.
Detalhes CVE
Pontuacao CVSS v3.18.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado7/30/2010
Ultima modificacao4/11/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
mozilla:firefoxmozilla:seamonkey
Fraquezas (CWE)
CWE-416
Referencias
http://www.securityfocus.com/archive/1/512515(cve@mitre.org)
http://www.securityfocus.com/bid/41849(cve@mitre.org)
http://www.zerodayinitiative.com/advisories/ZDI-10-134/(cve@mitre.org)
https://bugzilla.mozilla.org/show_bug.cgi?id=572986(cve@mitre.org)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11740(cve@mitre.org)
http://www.mozilla.org/security/announce/2010/mfsa2010-35.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/512515(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/41849(af854a3a-2127-422b-91ae-364da2661108)
http://www.zerodayinitiative.com/advisories/ZDI-10-134/(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=572986(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11740(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.