Lucene search

K
mozillaMozilla FoundationMFSA2010-28
HistoryJun 22, 2010 - 12:00 a.m.

Freed object reuse across plugin instances — Mozilla

2010-06-2200:00:00
Mozilla Foundation
www.mozilla.org
20

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.182 Low

EPSS

Percentile

96.1%

Microsoft Vulnerability Research reported that two plugin instances could interact in a way in which one plugin gets a reference to an object owned by a second plugin and continues to hold that reference after the second plugin is unloaded and its object is destroyed. In these cases, the first plugin would contain a pointer to freed memory which, if accessed, could be used by an attacker to execute arbitrary code on a victim’s computer.

CPENameOperatorVersion
firefoxlt3.5.10
firefoxlt3.6.4
seamonkeylt2.0.5

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.182 Low

EPSS

Percentile

96.1%