CVE-2010-0177
🟠 Łataj w tym tygodniu
Błąd w Mozilla Firefox i SeaMonkey umożliwia zdalne wykonanie kodu lub awarię aplikacji.
CVSS
9.3
EPSS
6.7%
Exploit
none
Vendor
mozilla
Opis źródłowy (NVD)
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a "dangling pointer vulnerability."
dos
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.3 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 6.7% |
| Opublikowano (NVD) | 2010-04-05 17:30:00 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-29 01:13:23 UTC |
Referencje
- http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html (cve@mitre.org)
- http://secunia.com/advisories/38566 (cve@mitre.org) [Vendor Advisory]
- http://secunia.com/advisories/39117 (cve@mitre.org) [Vendor Advisory]
- http://secunia.com/advisories/39136 (cve@mitre.org) [Vendor Advisory]
- http://secunia.com/advisories/39240 (cve@mitre.org) [Vendor Advisory]
- http://secunia.com/advisories/39243 (cve@mitre.org) [Vendor Advisory]
- http://secunia.com/advisories/39308 (cve@mitre.org)
- http://secunia.com/advisories/39397 (cve@mitre.org)
- http://securitytracker.com/id?1023776 (cve@mitre.org)
- http://ubuntu.com/usn/usn-921-1 (cve@mitre.org)
- http://www.debian.org/security/2010/dsa-2027 (cve@mitre.org)
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:070 (cve@mitre.org)
- http://www.mozilla.org/security/announce/2010/mfsa2010-19.html (cve@mitre.org) [Vendor Advisory]
- http://www.redhat.com/support/errata/RHSA-2010-0332.html (cve@mitre.org)
- http://www.redhat.com/support/errata/RHSA-2010-0333.html (cve@mitre.org)
- http://www.securityfocus.com/archive/1/510540/100/0/threaded (cve@mitre.org)
- http://www.vupen.com/english/advisories/2010/0748 (cve@mitre.org) [Vendor Advisory]
- http://www.vupen.com/english/advisories/2010/0764 (cve@mitre.org) [Vendor Advisory]
- http://www.vupen.com/english/advisories/2010/0765 (cve@mitre.org) [Vendor Advisory]
- http://www.vupen.com/english/advisories/2010/0781 (cve@mitre.org)
- http://www.vupen.com/english/advisories/2010/0849 (cve@mitre.org)
- http://www.zerodayinitiative.com/advisories/ZDI-10-049 (cve@mitre.org)
- https://bugzilla.mozilla.org/show_bug.cgi?id=538310 (cve@mitre.org)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57393 (cve@mitre.org)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10833 (cve@mitre.org)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7622 (cve@mitre.org)