CVE-2010-1121

EUVD-2010-1152
Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
3.6
mozillafirefox
3.6.1
mozillafirefox
3.6.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
dapper
ignored
hardy
not-affected
intrepid
dne
jaunty
dne
karmic
dne
lucid
Fixed 3.6.6+nobinonly-0ubuntu0.10.04.1
released
thunderbird
dapper
dne
hardy
not-affected
jaunty
not-affected
karmic
not-affected
lucid
Fixed 3.0.5+build2+nobinonly-0ubuntu0.10.04.1
released
xulrunner-1.9
dapper
dne
hardy
ignored
intrepid
ignored
jaunty
ignored
karmic
dne
lucid
dne
xulrunner-1.9.1
dapper
dne
hardy
dne
intrepid
dne
jaunty
ignored
karmic
ignored
lucid
dne
xulrunner-1.9.2
dapper
dne
hardy
Fixed 1.9.2.6+nobinonly-0ubuntu0.8.04.1
released
intrepid
dne
jaunty
Fixed 1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2
released
karmic
Fixed 1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2
released
lucid
Fixed 1.9.2.6+nobinonly-0ubuntu0.10.04.1
released
Common Weakness Enumeration
References
http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html
http://news.cnet.com/8301-27080_3-20001126-245.html
http://secunia.com/advisories/40323
http://secunia.com/advisories/40326
http://secunia.com/advisories/40401
http://secunia.com/advisories/40481
http://support.avaya.com/css/P8/documents/100091069
http://twitter.com/thezdi/statuses/11005277222
http://ubuntu.com/usn/usn-930-1
http://www.mozilla.org/security/announce/2010/mfsa2010-25.html
http://www.redhat.com/support/errata/RHSA-2010-0500.html
http://www.redhat.com/support/errata/RHSA-2010-0501.html
http://www.securitytracker.com/id?1023817
http://www.ubuntu.com/usn/usn-930-2
http://www.vupen.com/english/advisories/2010/1557
http://www.vupen.com/english/advisories/2010/1592
http://www.vupen.com/english/advisories/2010/1640
http://www.vupen.com/english/advisories/2010/1773
https://bugzilla.mozilla.org/show_bug.cgi?id=555109
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10924
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6844
http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html
http://news.cnet.com/8301-27080_3-20001126-245.html
http://secunia.com/advisories/40323
http://secunia.com/advisories/40326
http://secunia.com/advisories/40401
http://secunia.com/advisories/40481
http://support.avaya.com/css/P8/documents/100091069
http://twitter.com/thezdi/statuses/11005277222
http://ubuntu.com/usn/usn-930-1
http://www.mozilla.org/security/announce/2010/mfsa2010-25.html
http://www.redhat.com/support/errata/RHSA-2010-0500.html
http://www.redhat.com/support/errata/RHSA-2010-0501.html
http://www.securitytracker.com/id?1023817
http://www.ubuntu.com/usn/usn-930-2
http://www.vupen.com/english/advisories/2010/1557
http://www.vupen.com/english/advisories/2010/1592
http://www.vupen.com/english/advisories/2010/1640
http://www.vupen.com/english/advisories/2010/1773
https://bugzilla.mozilla.org/show_bug.cgi?id=555109
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10924
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6844