CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
95.0%
Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items.
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
mozilla | firefox | 0.1 | cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:* |
mozilla | firefox | 0.2 | cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:* |
mozilla | firefox | 0.3 | cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:* |
mozilla | firefox | 0.4 | cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:* |
mozilla | firefox | 0.5 | cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:* |
mozilla | firefox | 0.6 | cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:* |
mozilla | firefox | 0.6.1 | cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:* |
mozilla | firefox | 0.7 | cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:* |
mozilla | firefox | 0.7.1 | cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:* |
lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html
lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html
lists.fedoraproject.org/pipermail/package-announce/2010-April/038406.html
lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
secunia.com/advisories/38566
secunia.com/advisories/39117
secunia.com/advisories/39136
secunia.com/advisories/39204
secunia.com/advisories/39240
secunia.com/advisories/39242
secunia.com/advisories/39243
secunia.com/advisories/39308
secunia.com/advisories/39397
securitytracker.com/id?1023780
securitytracker.com/id?1023782
ubuntu.com/usn/usn-921-1
www.debian.org/security/2010/dsa-2027
www.mandriva.com/security/advisories?name=MDVSA-2010:070
www.mozilla.org/security/announce/2010/mfsa2010-17.html
www.redhat.com/support/errata/RHSA-2010-0332.html
www.redhat.com/support/errata/RHSA-2010-0333.html
www.securityfocus.com/archive/1/510542/100/0/threaded
www.vupen.com/english/advisories/2010/0748
www.vupen.com/english/advisories/2010/0764
www.vupen.com/english/advisories/2010/0765
www.vupen.com/english/advisories/2010/0781
www.vupen.com/english/advisories/2010/0790
www.vupen.com/english/advisories/2010/0849
www.zerodayinitiative.com/advisories/ZDI-10-050
bugzilla.mozilla.org/show_bug.cgi?id=375928
bugzilla.mozilla.org/show_bug.cgi?id=540100
exchange.xforce.ibmcloud.com/vulnerabilities/57390
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7546
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9834