CVE-2010-2766

Sažetak

The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object.

Reference

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html
http://secunia.com/advisories/42867
http://support.avaya.com/css/P8/documents/100112690
http://www.debian.org/security/2010/dsa-2106
http://www.mandriva.com/security/advisories?name=MDVSA-2010:173
http://www.mozilla.org/security/announce/2010/mfsa2010-57.html
http://www.securityfocus.com/bid/43100
http://www.vupen.com/english/advisories/2010/2323
http://www.vupen.com/english/advisories/2011/0061
http://www.zerodayinitiative.com/advisories/ZDI-10-176/
https://bugzilla.mozilla.org/show_bug.cgi?id=580445
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11778

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

19-09-2017 - 01:31

Objavljeno

09-09-2010 - 19:00