CVE-2010-1198

high

Description

Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances.

References

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html

http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html

https://bugzilla.mozilla.org/show_bug.cgi?id=532246

http://secunia.com/advisories/40326

http://secunia.com/advisories/40401

http://secunia.com/advisories/40481

https://exchange.xforce.ibmcloud.com/vulnerabilities/59664

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10990

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14176

http://support.avaya.com/css/P8/documents/100091069

http://ubuntu.com/usn/usn-930-1

http://www.mandriva.com/security/advisories?name=MDVSA-2010:125

http://www.mozilla.org/security/announce/2010/mfsa2010-28.html

http://www.redhat.com/support/errata/RHSA-2010-0499.html

http://www.redhat.com/support/errata/RHSA-2010-0500.html

http://www.redhat.com/support/errata/RHSA-2010-0501.html

http://www.securitytracker.com/id?1024138

http://www.ubuntu.com/usn/usn-930-2

http://www.vupen.com/english/advisories/2010/1551

http://www.vupen.com/english/advisories/2010/1556

http://www.vupen.com/english/advisories/2010/1557

http://www.vupen.com/english/advisories/2010/1592

http://www.vupen.com/english/advisories/2010/1640

http://www.vupen.com/english/advisories/2010/1773

Details

Source: Mitre, NVD

Published: 2010-06-24

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High