CVE-2010-1208

NameCVE-2010-1208
DescriptionUse-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2075-1
NVD severityhigh (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xulrunner (PTS)wheezy (security), wheezy24.8.1esr-2~deb7u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceapesource(unstable)2.0.6-1high
iceapesourcelenny(not affected)
xulrunnersource(unstable)1.9.1.11-1high
xulrunnersourcelenny1.9.0.19-3highDSA-2075-1

Notes

[lenny] - iceape <not-affected> (Only a stub package)

Search for package or bug name: Reporting problems