10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.247 Low
EPSS
Percentile
96.7%
Security researcher Bill Keese reported a memory corruption. This is caused by JSDependentString::undepend changing a dependent string into a fixed string when there are additional dependent strings relying on the same base. When the undepend occurs during conversion, the base data is freed, leaving other dependent strings with dangling pointers. This can lead to a potentially exploitable crash.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 14 | |
firefox esr | lt | 10.0.6 | |
seamonkey | lt | 2.11 | |
thunderbird | lt | 14 | |
thunderbird esr | lt | 10.0.6 |