CVE-2010-2760

2010-09-0919:00:00

CWE-399

[email protected]

web.nvd.nist.gov

cve

2010

2760

mozilla

firefox

thunderbird

seamonkey

vulnerability

xul

tree selection

remote execution

arbitrary code

nvd

9.8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.129 Low

EPSS

Percentile

95.4%

JSON

Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a “dangling pointer vulnerability.” NOTE: this issue exists because of an incomplete fix for CVE-2010-2753.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq3.6.2
mozilla:firefoxmozilla firefoxeq3.6.3
mozilla:firefoxmozilla firefoxeq3.6.8
mozilla:firefoxmozilla firefoxeq3.6.6
mozilla:firefoxmozilla firefoxeq3.6.7
mozilla:firefoxmozilla firefoxeq3.6.4
mozilla:firefoxmozilla firefoxeq3.6
mozilla:seamonkeymozilla seamonkeyeq1.1.10
mozilla:seamonkeymozilla seamonkeyeq1.0.3
mozilla:seamonkeymozilla seamonkeyeq1.1.8

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	eq	3.6.2
mozilla:firefox	mozilla firefox	eq	3.6.3
mozilla:firefox	mozilla firefox	eq	3.6.8
mozilla:firefox	mozilla firefox	eq	3.6.6
mozilla:firefox	mozilla firefox	eq	3.6.7
mozilla:firefox	mozilla firefox	eq	3.6.4
mozilla:firefox	mozilla firefox	eq	3.6
mozilla:seamonkey	mozilla seamonkey	eq	1.1.10
mozilla:seamonkey	mozilla seamonkey	eq	1.0.3
mozilla:seamonkey	mozilla seamonkey	eq	1.1.8