CVE-2010-2755 - layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the param

CVE-2010-2755

Summary

layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.

References

Vulnerable Configurations

cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 19-09-2017 - 01:31)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

oval via4

accepted

2014-10-06T04:00:28.233-04:00

class

vulnerability

contributors

name J. Daniel Brown
organization DTCC
name Sergey Artykhov
organization ALTX-SOFT
name Sergey Artykhov
organization ALTX-SOFT
name Evgeniy Pavlov
organization ALTX-SOFT
name Evgeniy Pavlov
organization ALTX-SOFT
name Evgeniy Pavlov
organization ALTX-SOFT

definition_extensions

comment	Mozilla Firefox Mainline release is installed
oval	oval:org.mitre.oval:def:22259

description

family

windows

oval:org.mitre.oval:def:11961

status

accepted

submitted

2010-07-30T17:30:00.000-05:00

title

Mozilla Firefox Plugin Parameter Reference Remote Code Execution Vulnerability

version

redhat via4

advisories

bugzilla

id	617657
title	CVE-2010-2755 Mozilla arbitrary free flaw

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND
comment xulrunner is earlier than 0:1.9.2.7-3.el5
oval oval:com.redhat.rhsa:tst:20100556001
comment xulrunner is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20080569002

AND

comment xulrunner-devel is earlier than 0:1.9.2.7-3.el5
oval oval:com.redhat.rhsa:tst:20100556003
comment xulrunner-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20080569004

AND
comment firefox is earlier than 0:3.6.7-3.el5
oval oval:com.redhat.rhsa:tst:20100556005
comment firefox is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070097008

rhsa

id	RHSA-2010:0556
released	2010-07-24
severity	Critical
title	RHSA-2010:0556: firefox security update (Critical)

bugzilla

id	617657
title	CVE-2010-2755 Mozilla arbitrary free flaw

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025

AND
comment seamonkey is earlier than 0:1.0.9-61.el4
oval oval:com.redhat.rhsa:tst:20100557001
comment seamonkey is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060609002
AND
comment seamonkey-chat is earlier than 0:1.0.9-61.el4
oval oval:com.redhat.rhsa:tst:20100557003
comment seamonkey-chat is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060609004
AND
comment seamonkey-devel is earlier than 0:1.0.9-61.el4
oval oval:com.redhat.rhsa:tst:20100557005
comment seamonkey-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060609006

AND

comment seamonkey-dom-inspector is earlier than 0:1.0.9-61.el4
oval oval:com.redhat.rhsa:tst:20100557007
comment seamonkey-dom-inspector is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060609008

AND

comment seamonkey-js-debugger is earlier than 0:1.0.9-61.el4
oval oval:com.redhat.rhsa:tst:20100557009
comment seamonkey-js-debugger is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060609010

AND
comment seamonkey-mail is earlier than 0:1.0.9-61.el4
oval oval:com.redhat.rhsa:tst:20100557011
comment seamonkey-mail is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060609012

rhsa

id	RHSA-2010:0557
released	2010-07-24
severity	Critical
title	RHSA-2010:0557: seamonkey security update (Critical)

bugzilla

id	617657
title	CVE-2010-2755 Mozilla arbitrary free flaw

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025
comment firefox is earlier than 0:3.6.7-3.el4
oval oval:com.redhat.rhsa:tst:20100558001
comment firefox is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060200002

rhsa

id	RHSA-2010:0558
released	2010-07-24
severity	Critical
title	RHSA-2010:0558: firefox security update (Critical)

rpms

firefox-0:3.6.7-3.el5
firefox-debuginfo-0:3.6.7-3.el5
xulrunner-0:1.9.2.7-3.el5
xulrunner-debuginfo-0:1.9.2.7-3.el5
xulrunner-devel-0:1.9.2.7-3.el5
seamonkey-0:1.0.9-0.58.el3
seamonkey-0:1.0.9-61.el4
seamonkey-chat-0:1.0.9-0.58.el3
seamonkey-chat-0:1.0.9-61.el4
seamonkey-debuginfo-0:1.0.9-0.58.el3
seamonkey-debuginfo-0:1.0.9-61.el4
seamonkey-devel-0:1.0.9-0.58.el3
seamonkey-devel-0:1.0.9-61.el4
seamonkey-dom-inspector-0:1.0.9-0.58.el3
seamonkey-dom-inspector-0:1.0.9-61.el4
seamonkey-js-debugger-0:1.0.9-0.58.el3
seamonkey-js-debugger-0:1.0.9-61.el4
seamonkey-mail-0:1.0.9-0.58.el3
seamonkey-mail-0:1.0.9-61.el4
seamonkey-nspr-0:1.0.9-0.58.el3
seamonkey-nspr-devel-0:1.0.9-0.58.el3
seamonkey-nss-0:1.0.9-0.58.el3
seamonkey-nss-devel-0:1.0.9-0.58.el3
firefox-0:3.6.7-3.el4
firefox-debuginfo-0:3.6.7-3.el4

refmap via4

confirm

Last major update

19-09-2017 - 01:31

Published

30-07-2010 - 13:26

Last modified

19-09-2017 - 01:31