CVE-2010-1208

NameCVE-2010-1208
DescriptionUse-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-2075-1
NVD severityhigh (attack range: remote, user-initiated)
Debian/oldstablenot known to be vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot known to be vulnerable.
Debian/unstablenot known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
iceape (PTS)squeeze (security)2.0.11-17fixed
xulrunner (PTS)wheezy, wheezy (security)24.8.1esr-2~deb7u1fixed

The information above is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceapesource(unstable)2.0.6-1high
iceapesourcelenny(not affected)
xulrunnersource(unstable)1.9.1.11-1high
xulrunnersourcelenny1.9.0.19-3highDSA-2075-1

Notes

[lenny] - iceape <not-affected> (Only a stub package)

Search for package or bug name: Reporting problems