7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.13 Low
EPSS
Percentile
95.5%
Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1,
Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers
to cause a denial of service (application crash) or possibly execute
arbitrary code via vectors that trigger failure of an
nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the
cycle collector’s access to a hash table containing a stale XBL binding.
Author | Note |
---|---|
micahg | did not affect Firefox 9, Thunderbird 9, Seamonkey 2.6 or earlier |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | firefox | < 10.0.1+build1-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | firefox | < 10.0.1+build1-0ubuntu0.10.10.1 | UNKNOWN |
ubuntu | 11.04 | noarch | firefox | < 10.0.1+build1-0ubuntu0.11.04.1 | UNKNOWN |
ubuntu | 11.10 | noarch | firefox | < 10.0.1+build1-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | firefox | < 11.0~b2+build1-0ubuntu1 | UNKNOWN |
ubuntu | 11.10 | noarch | thunderbird | < 10.0.1+build1-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | thunderbird | < 12.0.1+build1-0ubuntu0.12.04.1 | UNKNOWN |