Lucene search

K

[email protected]CVE-2010-0175

HistoryApr 05, 2010 - 5:30 p.m.

CVE-2010-0175

2010-04-0517:30:00

CWE-399

[email protected]

web.nvd.nist.gov

40

cve-2010-0175

use-after-free vulnerability

nstreeselection

mozilla firefox

thunderbird

seamonkey

remote code execution

denial of service

9.7 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.091 Low

EPSS

Percentile

94.5%

Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq0.1
mozilla:firefoxmozilla firefoxeq0.8
mozilla:firefoxmozilla firefoxeq2.0.0.12
mozilla:firefoxmozilla firefoxeq1.5
mozilla:firefoxmozilla firefoxeq3.5.3
mozilla:firefoxmozilla firefoxeq3.0.7
mozilla:firefoxmozilla firefoxeq1.5.2
mozilla:firefoxmozilla firefoxeq3.0.9
mozilla:firefoxmozilla firefoxeq1.5.0.6
mozilla:firefoxmozilla firefoxeq2.0.0.2

Rows per page:

1-10 of 1891

References

lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html

lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html

lists.fedoraproject.org/pipermail/package-announce/2010-April/038406.html

lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

secunia.com/advisories/38566

secunia.com/advisories/39117

secunia.com/advisories/39136

secunia.com/advisories/39204

secunia.com/advisories/39240

secunia.com/advisories/39242

secunia.com/advisories/39243

secunia.com/advisories/39308

secunia.com/advisories/39397

securitytracker.com/id?1023780

securitytracker.com/id?1023782

ubuntu.com/usn/usn-921-1

www.debian.org/security/2010/dsa-2027

www.mandriva.com/security/advisories?name=MDVSA-2010:070

www.mozilla.org/security/announce/2010/mfsa2010-17.html

www.redhat.com/support/errata/RHSA-2010-0332.html

www.redhat.com/support/errata/RHSA-2010-0333.html

www.securityfocus.com/archive/1/510542/100/0/threaded

www.vupen.com/english/advisories/2010/0748

www.vupen.com/english/advisories/2010/0764

www.vupen.com/english/advisories/2010/0765

www.vupen.com/english/advisories/2010/0781

www.vupen.com/english/advisories/2010/0790

www.vupen.com/english/advisories/2010/0849

www.zerodayinitiative.com/advisories/ZDI-10-050

bugzilla.mozilla.org/show_bug.cgi?id=375928

bugzilla.mozilla.org/show_bug.cgi?id=540100

exchange.xforce.ibmcloud.com/vulnerabilities/57390

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7546

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9834

9.7 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.091 Low

EPSS

Percentile

94.5%

Related for CVE-2010-0175

mozilla1 securityvulns4 zdi1 openvas93 seebug1 ubuntucve1 veracode1 prion1 oraclelinux3 redhat4 fedora34 nessus45 centos4 debian1 osv1 ubuntu2 freebsd1 suse1