CVE-2010-1121
Published: 25 March 2010
Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
firefox Launchpad, Ubuntu, Debian |
dapper |
Ignored
(reached end-of-life)
|
| hardy |
Not vulnerable
|
|
| intrepid |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Released
(3.6.6+nobinonly-0ubuntu0.10.04.1)
|
|
| upstream |
Needed
|
|
|
thunderbird Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Not vulnerable
|
|
| jaunty |
Not vulnerable
|
|
| karmic |
Not vulnerable
|
|
| lucid |
Released
(3.0.5+build2+nobinonly-0ubuntu0.10.04.1)
|
|
| upstream |
Released
(3.0.5)
|
|
|
xulrunner-1.9 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Ignored
(reverse dependencies no longer process web content)
|
|
| intrepid |
Needed
(reached end-of-life)
|
|
| jaunty |
Ignored
(reverse dependencies no longer process web content)
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| upstream |
Needed
|
|
|
xulrunner-1.9.1 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| jaunty |
Ignored
(use firefox-3.0 instead)
|
|
| karmic |
Ignored
(reverse dependencies no longer process web content)
|
|
| lucid |
Does not exist
|
|
| upstream |
Needed
|
|
|
xulrunner-1.9.2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Released
(1.9.2.6+nobinonly-0ubuntu0.8.04.1)
|
|
| intrepid |
Does not exist
|
|
| jaunty |
Released
(1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2)
|
|
| karmic |
Released
(1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2)
|
|
| lucid |
Released
(1.9.2.6+nobinonly-0ubuntu0.10.04.1)
|
|
| upstream |
Needed
|
Notes
| Author | Note |
|---|---|
| jdstrand | CVEs in Firefox are tracked in the xulrunner source packages. The mapping of xulrunner sources to firefox is: xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS xulrunner-1.9: firefox-3.0 xulrunner-1.9.1: firefox-3.5 Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not the system xulrunner-1.9.2, so it is tracked in the firefox source package. |
| mdeslaur | although done on Win7, may not be windows-specific |
| jdstrand | thunderbird 2 not affected |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1121
- http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010
- https://ubuntu.com/security/notices/USN-930-1
- https://ubuntu.com/security/notices/USN-943-1
- https://ubuntu.com/security/notices/USN-930-4
- http://www.mozilla.org/security/announce/2010/mfsa2010-25.html
- NVD
- Launchpad
- Debian