Published: 25/03/2010 Updated: 19/09/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Mozilla Firefox 3.6.x prior to 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote malicious users to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 3.6.1
mozilla firefox 3.6.2
mozilla firefox 3.6

Firefox could be made to run programs as your login if it opened a specially crafted file or website ...

This update fixes a problem with Firefox not installing alongside the old Firefox 2 package ...

Firefox could be made to run programs as your login if it opened a specially crafted file or website ...

Martin Barbella discovered an integer overflow in an XSLT node sorting routine An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2010-1199) ...

This update is for use with the new Xulrunner provided in USN-930-1 ...

This update is for use with the new Xulrunner provided in USN-930-4 ...

Firefox could be made to run programs as your login if it opened a specially crafted file or website ...

Mozilla Foundation Security Advisory 2010-25 Re-use of freed object due to scope confusion Announced April 1, 2010 Reporter Nils (MWR InfoSecurity) Impact Critical Products Firefox, SeaMonkey, Thunderbird Fixed in ...

CWE-94 http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010 http://news.cnet.com/8301-27080_3-20001126-245.html http://twitter.com/thezdi/statuses/11005277222 http://www.mozilla.org/security/announce/2010/mfsa2010-25.html https://bugzilla.mozilla.org/show_bug.cgi?id=555109 http://www.securitytracker.com/id?1023817 http://www.redhat.com/support/errata/RHSA-2010-0501.html http://www.vupen.com/english/advisories/2010/1557 http://secunia.com/advisories/40323 http://secunia.com/advisories/40326 http://www.redhat.com/support/errata/RHSA-2010-0500.html http://support.avaya.com/css/P8/documents/100091069 http://www.vupen.com/english/advisories/2010/1640 http://ubuntu.com/usn/usn-930-1 http://secunia.com/advisories/40401 http://www.ubuntu.com/usn/usn-930-2 http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://secunia.com/advisories/40481 http://www.vupen.com/english/advisories/2010/1773 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html http://www.vupen.com/english/advisories/2010/1592 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6844 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10924 https://nvd.nist.gov https://usn.ubuntu.com/930-1/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-1121

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect