Home > Vulnerability Database > CVE-2010-1121

Mend.io Vulnerability Database

CVE-2010-1121

Date: March 25, 2010

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.

Severity Score

9.8

Related Resources (28)

Url: http://news.cnet.com/8301-27080_3-20001126-245.html

Url: http://www.redhat.com/support/errata/RHSA-2010-0500.html

Url: http://www.vupen.com/english/advisories/2010/1640

Url: http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010

Url: http://ubuntu.com/usn/usn-930-1

Url: https://access.redhat.com/security/cve/CVE-2010-1121

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6844

Url: https://nvd.nist.gov/vuln/detail/CVE-2010-1121

Url: http://www.vupen.com/english/advisories/2010/1773

Url: http://www.ubuntu.com/usn/usn-930-2

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=555109

Url: http://support.avaya.com/css/P8/documents/100091069

Url: http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html

Url: http://www.vupen.com/english/advisories/2010/1592

Url: http://www.redhat.com/support/errata/RHSA-2010-0501.html

Url: http://www.mozilla.org/security/announce/2010/mfsa2010-25.html

Url: http://www.vupen.com/english/advisories/2010/1557

Url: http://secunia.com/advisories/40481

Url: http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2010-1121

Url: http://www.securitytracker.com/id?1023817

Url: http://secunia.com/advisories/40323

Url: http://secunia.com/advisories/40401

Url: http://secunia.com/advisories/40326

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10924

Url: http://twitter.com/thezdi/statuses/11005277222

Url: http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html

Url: https://www.mend.io/vulnerability-database/CVE-2010-1121

Severity Score

9.8

Weakness Type (CWE)

Code Injection

CWE-94

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	10.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2010-1121

Date: March 25, 2010

Severity Score

Related Resources (28)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?