National Cyber Awareness System

Vulnerability Summary for CVE-2010-2767

Overview

The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability."

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: https://bugzilla.mozilla.org/show_bug.cgi?id=584512

Hyperlink:https://bugzilla.mozilla.org/show_bug.cgi?id=584512

External Source: XF

Name: mozilla-pointer-code-execution(61658)

Hyperlink:http://xforce.iss.net/xforce/xfdb/61658

External Source: VUPEN

Name: ADV-2011-0061

Hyperlink:http://www.vupen.com/english/advisories/2011/0061

External Source: VUPEN

Name: ADV-2010-2323

Hyperlink:http://www.vupen.com/english/advisories/2010/2323

External Source: CONFIRM

Name: http://www.mozilla.org/security/announce/2010/mfsa2010-51.html

Type: Advisory

Hyperlink:http://www.mozilla.org/security/announce/2010/mfsa2010-51.html

External Source: MANDRIVA

Name: MDVSA-2010:173

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2010:173

External Source: DEBIAN

Name: DSA-2106

Hyperlink:http://www.debian.org/security/2010/dsa-2106

External Source: CONFIRM

Name: http://support.avaya.com/css/P8/documents/100112690

Hyperlink:http://support.avaya.com/css/P8/documents/100112690

External Source: CONFIRM

Name: http://support.avaya.com/css/P8/documents/100110210

Hyperlink:http://support.avaya.com/css/P8/documents/100110210

External Source: SECUNIA

Name: 42867

Hyperlink:http://secunia.com/advisories/42867

External Source: OVAL

Name: oval:org.mitre.oval:def:11969

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11969

External Source: SUSE

Name: SUSE-SA:2010:049

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html

External Source: FEDORA

Name: FEDORA-2010-14362

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html

External Source: CONFIRM

Name: http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox

Hyperlink:http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox

References to Check Content

Identifier:oval:org.mitre.oval:def:11969

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11969