CVE-2010-0175
🟠 Patch this week
A use-after-free in Firefox allows remote code execution or an application crash.
CVSS
9.3
EPSS
6.7%
Exploit
none
Vendor
mozilla
Source description (NVD)
Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items.
dos
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 9.3 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (probability of exploitation) | 6.7% |
| Published (NVD) | 2010-04-05 17:30:00 UTC |
| Last modified (NVD) | 2026-04-29 01:13:23 UTC |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html (cve@mitre.org)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html (cve@mitre.org)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038406.html (cve@mitre.org)
- http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html (cve@mitre.org)
- http://secunia.com/advisories/38566 (cve@mitre.org) [Vendor Advisory]
- http://secunia.com/advisories/39117 (cve@mitre.org) [Vendor Advisory]
- http://secunia.com/advisories/39136 (cve@mitre.org) [Vendor Advisory]
- http://secunia.com/advisories/39204 (cve@mitre.org) [Vendor Advisory]
- http://secunia.com/advisories/39240 (cve@mitre.org) [Vendor Advisory]
- http://secunia.com/advisories/39242 (cve@mitre.org) [Vendor Advisory]
- http://secunia.com/advisories/39243 (cve@mitre.org) [Vendor Advisory]
- http://secunia.com/advisories/39308 (cve@mitre.org)
- http://secunia.com/advisories/39397 (cve@mitre.org)
- http://securitytracker.com/id?1023780 (cve@mitre.org)
- http://securitytracker.com/id?1023782 (cve@mitre.org)
- http://ubuntu.com/usn/usn-921-1 (cve@mitre.org)
- http://www.debian.org/security/2010/dsa-2027 (cve@mitre.org)
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:070 (cve@mitre.org)
- http://www.mozilla.org/security/announce/2010/mfsa2010-17.html (cve@mitre.org) [Vendor Advisory]
- http://www.redhat.com/support/errata/RHSA-2010-0332.html (cve@mitre.org)
- http://www.redhat.com/support/errata/RHSA-2010-0333.html (cve@mitre.org)
- http://www.securityfocus.com/archive/1/510542/100/0/threaded (cve@mitre.org)
- http://www.vupen.com/english/advisories/2010/0748 (cve@mitre.org) [Vendor Advisory]
- http://www.vupen.com/english/advisories/2010/0764 (cve@mitre.org) [Vendor Advisory]
- http://www.vupen.com/english/advisories/2010/0765 (cve@mitre.org) [Vendor Advisory]
- http://www.vupen.com/english/advisories/2010/0781 (cve@mitre.org)
- http://www.vupen.com/english/advisories/2010/0790 (cve@mitre.org)
- http://www.vupen.com/english/advisories/2010/0849 (cve@mitre.org)
- http://www.zerodayinitiative.com/advisories/ZDI-10-050 (cve@mitre.org)
- https://bugzilla.mozilla.org/show_bug.cgi?id=375928 (cve@mitre.org)
- https://bugzilla.mozilla.org/show_bug.cgi?id=540100 (cve@mitre.org)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57390 (cve@mitre.org)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7546 (cve@mitre.org)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9834 (cve@mitre.org)