Lucene search
Ubuntu.comUB:CVE-2010-3183HistoryOct 19, 2010 - 12:00 a.m.
CVE-2010-3183
2010-10-1900:00:00
ubuntu.com
ubuntu.com
18
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.694 Medium
EPSS
Percentile
98.0%
The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before
3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before
3.1.5, and SeaMonkey before 2.0.9 does not properly support
window.lookupGetter function calls that lack arguments, which allows
remote attackers to execute arbitrary code or cause a denial of service
(incorrect pointer dereference and application crash) via vectors involving
a βdangling pointerβ and the JS_ValueToId function.
Notes
| Author | Note |
|---|---|
| jdstrand | CVEs in Firefox are tracked in the xulrunner source packages for builds that use the system xulrunner, and firefox source packages for those that use a static build xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS (system xul) xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS (system xul) xulrunner-1.9: (ignored) reverse dependencies no longer process web content xulrunner-1.9.1: (ignored) reverese dependencies no longer process web content xulrunner-1.9.2: system xul for reverese dependencies that process web content firefox: Ubuntu 6.06 LTS (static build) firefox: Ubuntu 10.04 LTS and higher (static build of 3.6.x or higher) firefox-3.0: Ubuntu 8.04 LTS, 9.04 (static build of 3.6.x) firefox-3.5: Ubuntu 9.04 (ignored, uses system xul 1.9.1. Use 3.0 instead) firefox-3.5: Ubuntu 9.10 (static build of 3.6.x) thunderbird low (javascript not enabled by default) |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 10.04 | noarch | firefox | <Β 3.6.11+build3+nobinonly-0ubuntu0.10.04.1 | UNKNOWN |
| ubuntu | 10.10 | noarch | firefox | <Β 3.6.11+build3+nobinonly-0ubuntu0.10.10.1 | UNKNOWN |
| ubuntu | 11.04 | noarch | firefox | <Β 3.6.11+build3+nobinonly-0ubuntu0.10.10.1 | UNKNOWN |
| ubuntu | 8.04 | noarch | firefox-3.0 | <Β 3.6.11+build3+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
| ubuntu | 9.04 | noarch | firefox-3.0 | <Β 3.6.11+build3+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
| ubuntu | 9.04 | noarch | firefox-3.5 | <Β 3.5.14+build3+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
| ubuntu | 9.10 | noarch | firefox-3.5 | <Β 3.6.11+build3+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
| ubuntu | 8.04 | noarch | seamonkey | <Β 2.0.9+build1+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
| ubuntu | 9.04 | noarch | seamonkey | <Β 2.0.9+build1+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
| ubuntu | 9.10 | noarch | seamonkey | <Β 2.0.9+build1+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
Related
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:50:47
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2010-67
2010-10-23 00:00:00
zdi
zdi
Mozilla Firefox LookupGetterOrSetter Remote Code Execution Vulnerability
2010-10-19 00:00:00
seebug
seebug
Mozilla Firefox LookupGetterOrSetterε½ζ°ζ¬εζιζΌζ΄
2010-10-26 00:00:00
mozilla
mozilla
Dangling pointer vulnerability in LookupGetterOrSetter β Mozilla
2010-10-19 00:00:00
prion
prion
Null pointer dereference
2010-10-21 19:00:00
cve
cve
CVE-2010-3183
2010-10-21 19:00:00
nessus
nessus
Ubuntu 10.04 LTS / 10.10 : thunderbird vulnerabilities (USN-998-1)
2010-10-21 00:00:00
RHEL 6 : thunderbird (RHSA-2010:0896)
2010-11-18 00:00:00
openvas
openvas
Mozilla Products Multiple Vulnerabilities October-10 (Windows)
2010-10-28 00:00:00
Mozilla Products Multiple Vulnerabilities (Oct 2010) - Windows
2010-10-28 00:00:00
Ubuntu Update for thunderbird vulnerabilities USN-998-1
2010-10-22 00:00:00
debian
debian
BSA-010 Security Update for iceweasel
2010-11-02 19:04:50
BSA-010 Security Update for iceweasel
2010-11-02 15:55:32
[SECURITY] [DSA 2124-1] New Xulrunner packages fix several vulnerabilities
2010-11-01 20:38:47
ubuntu
ubuntu
Thunderbird vulnerabilities
2010-10-20 00:00:00
Firefox and Xulrunner vulnerabilities
2010-10-20 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: galeon-2.0.7-34.fc13
2010-10-27 22:45:51
[SECURITY] Fedora 13 Update: xulrunner-1.9.2.11-1.fc13
2010-10-27 22:45:51
[SECURITY] Fedora 13 Update: firefox-3.6.11-1.fc13
2010-10-27 22:45:51
redhat
redhat
(RHSA-2010:0896) Moderate: thunderbird security update
2010-11-17 00:00:00
(RHSA-2010:0861) Critical: firefox security update
2010-11-10 00:00:00
(RHSA-2010:0782) Critical: firefox security update
2010-10-19 00:00:00
osv
osv
xulrunner - several vulnerabilities
2010-11-01 00:00:00
centos
centos
firefox, nss, xulrunner security update
2010-10-20 14:29:05
oraclelinux
oraclelinux
firefox security update
2010-10-20 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-10-19 00:00:00
suse
suse
remote code execution in MozillaFirefox,seamonkey,MozillaThunderbird
2010-11-08 11:27:17
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.694 Medium
EPSS
Percentile
98.0%
Related for UB:CVE-2010-3183