CVE-2010-1208 - OpenCVE

Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Mozilla	Seamonkey Firefox

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox::::::::

Configuration 2 [-]

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.mozilla.org/security/announce/2010/mfsa2010-35.html	Vendor Advisory
http://www.securityfocus.com/archive/1/512515	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/41849	Broken Link Third Party Advisory VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-10-134/	Third Party Advisory VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=572986	Issue Tracking Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11740	Broken Link

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2010-07-30T20:00:00

Updated: 2017-09-18T12:57:01

Reserved: 2010-03-30T00:00:00

Link: CVE-2010-1208

JSON object: View

NVD Information

Status : Analyzed

Published: 2010-07-30T20:30:01.393

Modified: 2024-02-02T16:10:03.047

Link: CVE-2010-1208

JSON object: View

Redhat Information

No data.

CWE

CWE-416

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-07-20T00:00:00", "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "oval:org.mitre.oval:def:11740", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11740"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-134/"}, {"name": "41849", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/41849"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=572986"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-35.html"}, {"name": "20100721 ZDI-10-134: Mozilla Firefox DOM Attribute Cloning Remote Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/512515"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1208", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:11740", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11740"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-134/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-134/"}, {"name": "41849", "refsource": "BID", "url": "http://www.securityfocus.com/bid/41849"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=572986", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=572986"}, {"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-35.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-35.html"}, {"name": "20100721 ZDI-10-134: Mozilla Firefox DOM Attribute Cloning Remote Code Execution Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/512515"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1208", "datePublished": "2010-07-30T20:00:00", "dateReserved": "2010-03-30T00:00:00", "dateUpdated": "2017-09-18T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CF4FFCA-9F5F-476E-A9D7-340A7F7A1FE2", "versionEndExcluding": "3.5.11", "versionStartIncluding": "3.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A640480-D40C-4904-8782-56C502784E09", "versionEndExcluding": "3.6.7", "versionStartIncluding": "3.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FAC42ED-38D9-4D2F-945E-B19F267B36FB", "versionEndExcluding": "2.0.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count."}, {"lang": "es", "value": "Una vulnerabilidad de uso de la memoria previamente liberada en la funcionalidad de clonaci\u00f3n de atributos en la implementaci\u00f3n DOM en Firefox versiones 3.5.x anteriores a 3.5.11 y versiones a 3.6.x anteriores a 3.6.7, y SeaMonkey anterior a versi\u00f3n 2.0.6, de Mozilla, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de vectores relacionados a la eliminaci\u00f3n de un nodo de atributo de evento con un conteo de referencia diferente de cero."}], "id": "CVE-2010-1208", "lastModified": "2024-02-02T16:10:03.047", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2010-07-30T20:30:01.393", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-35.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/512515"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/41849"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-134/"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=572986"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11740"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}