CVE-2010-1121

critical

Description

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6844

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10924

https://bugzilla.mozilla.org/show_bug.cgi?id=555109

http://www.vupen.com/english/advisories/2010/1773

http://www.vupen.com/english/advisories/2010/1640

http://www.vupen.com/english/advisories/2010/1592

http://www.vupen.com/english/advisories/2010/1557

http://www.ubuntu.com/usn/usn-930-2

http://www.securitytracker.com/id?1023817

http://www.redhat.com/support/errata/RHSA-2010-0501.html

http://www.redhat.com/support/errata/RHSA-2010-0500.html

http://www.mozilla.org/security/announce/2010/mfsa2010-25.html

http://ubuntu.com/usn/usn-930-1

http://twitter.com/thezdi/statuses/11005277222

http://support.avaya.com/css/P8/documents/100091069

http://secunia.com/advisories/40481

http://secunia.com/advisories/40401

http://secunia.com/advisories/40326

http://secunia.com/advisories/40323

http://news.cnet.com/8301-27080_3-20001126-245.html

http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html

http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010

Details

Source: Mitre, NVD

Published: 2010-03-25

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical