CVE-2010-0175
Published: 5 April 2010
Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items.
Notes
Author | Note |
---|---|
jdstrand | per Chris Coulson, tbird requires javascript to be enabled |
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Not vulnerable
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Released
(3.6.3+nobinonly-0ubuntu2)
|
|
upstream |
Released
(3.6.3)
|
|
seamonkey Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Released
(2.0.8+build1+nobinonly-0ubuntu0.8.04.1)
|
|
intrepid |
Ignored
(end of life, was needed)
|
|
jaunty |
Released
(2.0.8+build1+nobinonly-0ubuntu0.9.04.1)
|
|
karmic |
Released
(2.0.8+build1+nobinonly-0ubuntu0.9.10.1)
|
|
lucid |
Released
(2.0.8+build1+nobinonly-0ubuntu0.10.04.1)
|
|
upstream |
Released
(2.0.4)
|
|
thunderbird Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Ignored
|
|
intrepid |
Ignored
|
|
jaunty |
Ignored
|
|
karmic |
Ignored
|
|
lucid |
Released
(3.0.4+nobinonly-0ubuntu1)
|
|
upstream |
Released
(3.0.4)
|
|
xulrunner-1.9 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Released
(1.9.0.19+nobinonly-0ubuntu0.8.04.1)
|
|
intrepid |
Released
(1.9.0.19+nobinonly-0ubuntu0.8.10.1)
|
|
jaunty |
Released
(1.9.0.19+nobinonly-0ubuntu0.9.04.1)
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
upstream |
Released
(1.9.0.19)
|
|
xulrunner-1.9.1 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Released
(1.9.1.9+nobinonly-0ubuntu0.9.04.1)
|
|
karmic |
Released
(1.9.1.9+nobinonly-0ubuntu0.9.10.1)
|
|
lucid |
Does not exist
|
|
upstream |
Released
(1.9.1.9)
|