CVE-2010-1121

Vulnerability Description

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010
• http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html
• http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html
• http://news.cnet.com/8301-27080_3-20001126-245.html
• http://secunia.com/advisories/40323Vendor Advisory
• http://secunia.com/advisories/40326Vendor Advisory
• http://secunia.com/advisories/40401Vendor Advisory
• http://secunia.com/advisories/40481Vendor Advisory
• http://support.avaya.com/css/P8/documents/100091069
• http://twitter.com/thezdi/statuses/11005277222
• http://ubuntu.com/usn/usn-930-1
• http://www.mozilla.org/security/announce/2010/mfsa2010-25.htmlVendor Advisory
• http://www.redhat.com/support/errata/RHSA-2010-0500.html
• http://www.redhat.com/support/errata/RHSA-2010-0501.html