layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.

CPENameOperatorVersion
firefoxeq3.6.7

CPE	Name	Operator	Version
	firefox	eq	3.6.7

References

www.mozilla.org/security/announce/2010/mfsa2010-48.html

bugzilla.mozilla.org/show_bug.cgi?id=575836

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11961

openvas 81

cve 2

ubuntucve 2

nessus 49

checkpoint_advisories 2

veracode 2

exploitpack 1

securityvulns 4

seebug 2

mozilla 2

oraclelinux 6

fedora 18

redhat 7

centos 7

freebsd 2

prion 1

packetstorm 1

zdi 1

exploitdb 1

ubuntu 3

suse 1

debian 3

osv 1

openvas

FreeBSD Ports: firefox

2010-08-21 00:00:00

Mandriva Update for firefox MDVSA-2010:147 (firefox)

2010-08-13 00:00:00

FreeBSD Ports: firefox

2010-08-21 00:00:00

cve

CVE-2010-2755

2010-07-30 13:26:00

CVE-2010-1214

2010-07-30 20:30:00

ubuntucve

CVE-2010-2755

2010-07-24 00:00:00

CVE-2010-1214

2010-07-23 00:00:00

nessus

Mandriva Linux Security Advisory : firefox (MDVSA-2010:147)

2010-08-12 00:00:00

RHEL 5 : firefox (RHSA-2010:0556)

2010-07-28 00:00:00

RHEL 3 / 4 : seamonkey (RHSA-2010:0557)

2010-07-28 00:00:00

checkpoint_advisories

Mozilla Products EnsureCachedAttrParamArrays Integer Overflow (CVE-2010-1214)

2010-11-14 00:00:00

Mozilla Firefox Plugin Parameter Array Dangling Pointer (CVE-2010-2755)

2010-08-29 00:00:00

veracode

Arbitrary Code Execution

2020-04-10 00:45:42

Arbitrary Code Execution

2020-04-10 00:46:26

exploitpack

Mozilla Firefox 3.6.4 - Plugin EnsureCachedAttrParamArrays Remote Code Execution

2010-09-17 00:00:00

securityvulns

ZDI-10-132: Mozilla Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution Vulnerability

2010-07-24 00:00:00

Mozilla Foundation Security Advisory 2010-48

2010-07-24 00:00:00

Mozilla Foundation Security Advisory 2010-37

2010-07-24 00:00:00

seebug

Firefox Plugin Parameter EnsureCachedAttrParamArrays - Remote Code Execution

2014-07-01 00:00:00

Mozilla Firefox 3.6.7 插件参数引用悬停指针漏洞

2010-07-27 00:00:00

mozilla

Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability — Mozilla

2010-07-20 00:00:00

Dangling pointer crash regression from plugin parameter array fix — Mozilla

2010-07-20 00:00:00

oraclelinux

firefox security update

2010-07-26 00:00:00

seamonkey security update

2010-07-26 00:00:00

firefox security update

2010-07-26 00:00:00

fedora

[SECURITY] Fedora 13 Update: xulrunner-1.9.2.7-2.fc13

2010-07-27 02:49:48

[SECURITY] Fedora 12 Update: xulrunner-1.9.1.11-2.fc12

2010-07-27 02:45:31

[SECURITY] Fedora 12 Update: perl-Gtk2-MozEmbed-0.08-6.fc12.14

2010-07-23 02:47:25

redhat

(RHSA-2010:0556) Critical: firefox security update

2010-07-23 00:00:00

(RHSA-2010:0558) Critical: firefox security update

2010-07-23 00:00:00

(RHSA-2010:0557) Critical: seamonkey security update

2010-07-23 00:00:00

centos

firefox, xulrunner security update

2010-07-27 09:39:16

firefox security update

2010-08-06 23:21:00

seamonkey security update

2010-07-27 14:23:17

freebsd

firefox -- Dangling pointer crash regression from plugin parameter array fix

2010-07-20 00:00:00

mozilla -- multiple vulnerabilities

2010-07-20 00:00:00

prion

Integer overflow

2010-07-30 20:30:00

packetstorm

Month Of Abysssec Undisclosed Bugs - Firefox Plugin Parameter

2010-09-18 00:00:00

zdi

Mozilla Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution Vulnerability

2010-07-20 00:00:00

exploitdb

Mozilla Firefox 3.6.4 - 'Plugin' EnsureCachedAttrParamArrays Remote Code Execution

2010-09-17 00:00:00

ubuntu

Firefox and Xulrunner vulnerability

2010-07-26 00:00:00

Firefox and Xulrunner vulnerability

2010-07-26 00:00:00

Firefox and Xulrunner vulnerabilities

2010-07-23 00:00:00

suse

remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey

2010-07-30 13:10:04

debian

[SECURITY] [DSA 2075-1] New xulrunner packages fix several vulnerabilities

2010-07-27 19:47:37

[Backports-security-announce] Security Update for xulrunner

2010-07-21 09:30:33

[Backports-security-announce] Security Update for xulrunner

2010-07-21 09:30:16

osv

xulrunner - several vulnerabilities

2010-07-27 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.4 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.251 Low

EPSS

Percentile

96.6%

JSON

Related for PRION:CVE-2010-2755