9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.091 Low
EPSS
Percentile
94.5%
Use-after-free vulnerability in the nsTreeSelection implementation in
Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before
3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute
arbitrary code or cause a denial of service (application crash) via
unspecified vectors that trigger a call to the handler for the select event
for XUL tree items.
Author | Note |
---|---|
jdstrand | per Chris Coulson, tbird requires javascript to be enabled |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | firefox | <ย 3.6.3+nobinonly-0ubuntu2 | UNKNOWN |
ubuntu | 8.04 | noarch | seamonkey | <ย 2.0.8+build1+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 9.04 | noarch | seamonkey | <ย 2.0.8+build1+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
ubuntu | 9.10 | noarch | seamonkey | <ย 2.0.8+build1+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
ubuntu | 10.04 | noarch | seamonkey | <ย 2.0.8+build1+nobinonly-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 10.04 | noarch | thunderbird | <ย 3.0.4+nobinonly-0ubuntu1 | UNKNOWN |
ubuntu | 8.04 | noarch | xulrunner-1.9 | <ย 1.9.0.19+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 8.10 | noarch | xulrunner-1.9 | <ย 1.9.0.19+nobinonly-0ubuntu0.8.10.1 | UNKNOWN |
ubuntu | 9.04 | noarch | xulrunner-1.9 | <ย 1.9.0.19+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
ubuntu | 9.04 | noarch | xulrunner-1.9.1 | <ย 1.9.1.9+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |