Published: 10/12/2010 Updated: 19/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Mozilla Firefox prior to 3.5.16 and 3.6.x prior to 3.6.13, and SeaMonkey prior to 2.0.11, does not properly calculate index values for certain child content in a XUL tree, which allows remote malicious users to execute arbitrary code via vectors involving a DIV element within a treechildren element.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 3.6.2
mozilla firefox 3.6.3
mozilla firefox 3.6.9
mozilla firefox 3.6.11
mozilla firefox 3.6.4
mozilla firefox 3.6.6
mozilla firefox 3.6.12
mozilla firefox 3.6.8
mozilla firefox 3.6.10
mozilla firefox 3.6.7
mozilla firefox 3.6
mozilla seamonkey 1.0.4
mozilla seamonkey 1.0.5
mozilla seamonkey 1.0.6
mozilla seamonkey 1.0
mozilla seamonkey 1.1.17
mozilla seamonkey 1.1.18
mozilla seamonkey 1.1.8
mozilla seamonkey 1.1.9
mozilla seamonkey 2.0.1
mozilla seamonkey 2.0.2
mozilla seamonkey 2.0
mozilla seamonkey 1.0.7
mozilla seamonkey 1.0.8
mozilla seamonkey 1.1.11
mozilla seamonkey 1.1.12
mozilla seamonkey 1.1.19
mozilla seamonkey 1.1.2
mozilla seamonkey 1.1
mozilla seamonkey 2.0.3
mozilla seamonkey 2.0.4
mozilla seamonkey 2.0.5
mozilla seamonkey 1.0.2
mozilla seamonkey 1.0.3
mozilla seamonkey 1.1.1
mozilla seamonkey 1.1.10
mozilla seamonkey 1.1.15
mozilla seamonkey 1.1.16
mozilla seamonkey 1.1.5
mozilla seamonkey 1.1.6
mozilla seamonkey 1.1.7
mozilla seamonkey 1.5.0.9
mozilla seamonkey 2.0.9
mozilla seamonkey
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.9
mozilla seamonkey 1.1.13
mozilla seamonkey 1.1.14
mozilla seamonkey 1.1.3
mozilla seamonkey 1.1.4
mozilla seamonkey 1.5.0.10
mozilla seamonkey 1.5.0.8
mozilla seamonkey 2.0.6
mozilla seamonkey 2.0.7
mozilla seamonkey 2.0.8
mozilla firefox 2.0.0.14
mozilla firefox 0.9.1
mozilla firefox 0.9
mozilla firefox 1.0.3
mozilla firefox 1.5
mozilla firefox 1.0.8
mozilla firefox 2.0.0.16
mozilla firefox 2.0.0.11
mozilla firefox 1.0
mozilla firefox 0.3
mozilla firefox 1.5.0.5
mozilla firefox 1.5.0.2
mozilla firefox 1.5.3
mozilla firefox 1.5.4
mozilla firefox 2.0
mozilla firefox 1.8
mozilla firefox 3.0.15
mozilla firefox 2.0.0.4
mozilla firefox 2.0.0.12
mozilla firefox 3.0.1
mozilla firefox 0.9.3
mozilla firefox 0.9.2
mozilla firefox 1.0.2
mozilla firefox 3.0
mozilla firefox 3.0.17
mozilla firefox 3.5.11
mozilla firefox 1.4.1
mozilla firefox 2.0.0.15
mozilla firefox 0.4
mozilla firefox 0.5
mozilla firefox 0.6
mozilla firefox 1.5.0.3
mozilla firefox 0.8
mozilla firefox 0.10.1
mozilla firefox 2.0.0.20
mozilla firefox 1.0.6
mozilla firefox 2.0.0.9
mozilla firefox 2.0.0.10
mozilla firefox 3.0.16
mozilla firefox 0.7.1
mozilla firefox 3.5.2
mozilla firefox 0.2
mozilla firefox 1.5.0.4
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.10
mozilla firefox 1.5.0.6
mozilla firefox 1.5.0.7
mozilla firefox 2.0.0.6
mozilla firefox 2.0.0.5
mozilla firefox 3.0.14
mozilla firefox 3.5.10
mozilla firefox 3.0.12
mozilla firefox 2.0.0.8
mozilla firefox 2.0.0.13
mozilla firefox 2.0.0.18
mozilla firefox 3.5
mozilla firefox 3.5.6
mozilla firefox
mozilla firefox 1.5.0.11
mozilla firefox 1.5.1
mozilla firefox 1.5.2
mozilla firefox 1.5.8
mozilla firefox 1.5.7
mozilla firefox 2.0.0.3
mozilla firefox 2.0.0.2
mozilla firefox 3.0.3
mozilla firefox 3.5.13
mozilla firefox 3.0.8
mozilla firefox 3.5.9
mozilla firefox 3.5.5
mozilla firefox 3.5.14
mozilla firefox 3.5.12
mozilla firefox 3.0.6
mozilla firefox 3.0.10
mozilla firefox 3.5.7
mozilla firefox 3.5.8
mozilla firefox 2.0.0.19
mozilla firefox 0.10
mozilla firefox 1.0.1
mozilla firefox 3.0.5
mozilla firefox 1.0.5
mozilla firefox 1.0.4
mozilla firefox 1.0.7
mozilla firefox 3.0.7
mozilla firefox 2.0.0.17
mozilla firefox 0.6.1
mozilla firefox 0.7
mozilla firefox 3.0.9
mozilla firefox 0.1
mozilla firefox 2.0.0.7
mozilla firefox 1.5.0.12
mozilla firefox 1.5.0.8
mozilla firefox 1.5.0.9
mozilla firefox 1.5.6
mozilla firefox 1.5.5
mozilla firefox 3.0.2
mozilla firefox 2.0.0.1
mozilla firefox 3.5.1
mozilla firefox 3.0.11
mozilla firefox 3.0.4
mozilla firefox 3.0.13
mozilla firefox 3.5.3
mozilla firefox 3.5.4

Firefox could be made to crash or run programs as your login if it opened a specially crafted website ...

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications The Common Vulnerabilities and Exposures project identifies the following problems: For the stable distribution (lenny), these problems have been fixed in version 19019-7 For the upcoming stable version (squeeze) and the unstable distri ...

Mozilla Foundation Security Advisory 2010-77 Crash and remote code execution using HTML tags inside a XUL tree Announced December 9, 2010 Reporter wushi Impact Critical Products Firefox, SeaMonkey Fixed in ...

CWE-189 https://bugzilla.mozilla.org/show_bug.cgi?id=594547 http://www.mozilla.org/security/announce/2010/mfsa2010-77.html http://www.securityfocus.com/bid/45351 http://www.redhat.com/support/errata/RHSA-2010-0968.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html http://secunia.com/advisories/42716 http://www.ubuntu.com/usn/USN-1019-1 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html http://www.redhat.com/support/errata/RHSA-2010-0967.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html http://support.avaya.com/css/P8/documents/100124650 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html http://www.redhat.com/support/errata/RHSA-2010-0966.html http://www.securitytracker.com/id?1024848 http://www.debian.org/security/2010/dsa-2132 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html http://www.vupen.com/english/advisories/2011/0030 http://www.mandriva.com/security/advisories?name=MDVSA-2010:251 http://secunia.com/advisories/42818 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12324 https://usn.ubuntu.com/1019-1/https://nvd.nist.gov

Get Started

CVE-2010-3772

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect