ID CVE-2010-2755
Summary layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 19-09-2017 - 01:31)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2014-10-06T04:00:28.233-04:00
class vulnerability
contributors
  • name J. Daniel Brown
    organization DTCC
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
definition_extensions
comment Mozilla Firefox Mainline release is installed
oval oval:org.mitre.oval:def:22259
description layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.
family windows
id oval:org.mitre.oval:def:11961
status accepted
submitted 2010-07-30T17:30:00.000-05:00
title Mozilla Firefox Plugin Parameter Reference Remote Code Execution Vulnerability
version 25
redhat via4
advisories
  • bugzilla
    id 617657
    title CVE-2010-2755 Mozilla arbitrary free flaw
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment xulrunner is earlier than 0:1.9.2.7-3.el5
          oval oval:com.redhat.rhsa:tst:20100556002
        • comment xulrunner is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080569003
      • AND
        • comment xulrunner-devel is earlier than 0:1.9.2.7-3.el5
          oval oval:com.redhat.rhsa:tst:20100556004
        • comment xulrunner-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080569005
      • AND
        • comment firefox is earlier than 0:3.6.7-3.el5
          oval oval:com.redhat.rhsa:tst:20100556006
        • comment firefox is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070097009
    rhsa
    id RHSA-2010:0556
    released 2010-07-23
    severity Critical
    title RHSA-2010:0556: firefox security update (Critical)
  • bugzilla
    id 617657
    title CVE-2010-2755 Mozilla arbitrary free flaw
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhba:tst:20070026001
      • OR
        • AND
          • comment seamonkey is earlier than 0:1.0.9-0.58.el3
            oval oval:com.redhat.rhsa:tst:20100557002
          • comment seamonkey is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734003
        • AND
          • comment seamonkey-chat is earlier than 0:1.0.9-0.58.el3
            oval oval:com.redhat.rhsa:tst:20100557010
          • comment seamonkey-chat is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734021
        • AND
          • comment seamonkey-devel is earlier than 0:1.0.9-0.58.el3
            oval oval:com.redhat.rhsa:tst:20100557004
          • comment seamonkey-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734005
        • AND
          • comment seamonkey-dom-inspector is earlier than 0:1.0.9-0.58.el3
            oval oval:com.redhat.rhsa:tst:20100557012
          • comment seamonkey-dom-inspector is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734011
        • AND
          • comment seamonkey-js-debugger is earlier than 0:1.0.9-0.58.el3
            oval oval:com.redhat.rhsa:tst:20100557018
          • comment seamonkey-js-debugger is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734013
        • AND
          • comment seamonkey-mail is earlier than 0:1.0.9-0.58.el3
            oval oval:com.redhat.rhsa:tst:20100557014
          • comment seamonkey-mail is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734019
        • AND
          • comment seamonkey-nspr is earlier than 0:1.0.9-0.58.el3
            oval oval:com.redhat.rhsa:tst:20100557020
          • comment seamonkey-nspr is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734007
        • AND
          • comment seamonkey-nspr-devel is earlier than 0:1.0.9-0.58.el3
            oval oval:com.redhat.rhsa:tst:20100557006
          • comment seamonkey-nspr-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734009
        • AND
          • comment seamonkey-nss is earlier than 0:1.0.9-0.58.el3
            oval oval:com.redhat.rhsa:tst:20100557016
          • comment seamonkey-nss is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734015
        • AND
          • comment seamonkey-nss-devel is earlier than 0:1.0.9-0.58.el3
            oval oval:com.redhat.rhsa:tst:20100557008
          • comment seamonkey-nss-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734017
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304001
      • OR
        • AND
          • comment seamonkey is earlier than 0:1.0.9-61.el4
            oval oval:com.redhat.rhsa:tst:20100557023
          • comment seamonkey is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734003
        • AND
          • comment seamonkey-chat is earlier than 0:1.0.9-61.el4
            oval oval:com.redhat.rhsa:tst:20100557027
          • comment seamonkey-chat is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734021
        • AND
          • comment seamonkey-devel is earlier than 0:1.0.9-61.el4
            oval oval:com.redhat.rhsa:tst:20100557025
          • comment seamonkey-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734005
        • AND
          • comment seamonkey-dom-inspector is earlier than 0:1.0.9-61.el4
            oval oval:com.redhat.rhsa:tst:20100557028
          • comment seamonkey-dom-inspector is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734011
        • AND
          • comment seamonkey-js-debugger is earlier than 0:1.0.9-61.el4
            oval oval:com.redhat.rhsa:tst:20100557026
          • comment seamonkey-js-debugger is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734013
        • AND
          • comment seamonkey-mail is earlier than 0:1.0.9-61.el4
            oval oval:com.redhat.rhsa:tst:20100557024
          • comment seamonkey-mail is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734019
    rhsa
    id RHSA-2010:0557
    released 2010-07-23
    severity Critical
    title RHSA-2010:0557: seamonkey security update (Critical)
  • bugzilla
    id 617657
    title CVE-2010-2755 Mozilla arbitrary free flaw
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • comment firefox is earlier than 0:3.6.7-3.el4
      oval oval:com.redhat.rhsa:tst:20100558002
    • comment firefox is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20060733003
    rhsa
    id RHSA-2010:0558
    released 2010-07-23
    severity Critical
    title RHSA-2010:0558: firefox security update (Critical)
rpms
  • xulrunner-0:1.9.2.7-3.el5
  • xulrunner-devel-0:1.9.2.7-3.el5
  • firefox-0:3.6.7-3.el5
  • seamonkey-0:1.0.9-0.58.el3
  • seamonkey-chat-0:1.0.9-0.58.el3
  • seamonkey-devel-0:1.0.9-0.58.el3
  • seamonkey-dom-inspector-0:1.0.9-0.58.el3
  • seamonkey-js-debugger-0:1.0.9-0.58.el3
  • seamonkey-mail-0:1.0.9-0.58.el3
  • seamonkey-nspr-0:1.0.9-0.58.el3
  • seamonkey-nspr-devel-0:1.0.9-0.58.el3
  • seamonkey-nss-0:1.0.9-0.58.el3
  • seamonkey-nss-devel-0:1.0.9-0.58.el3
  • seamonkey-0:1.0.9-61.el4
  • seamonkey-chat-0:1.0.9-61.el4
  • seamonkey-devel-0:1.0.9-61.el4
  • seamonkey-dom-inspector-0:1.0.9-61.el4
  • seamonkey-js-debugger-0:1.0.9-61.el4
  • seamonkey-mail-0:1.0.9-61.el4
  • firefox-0:3.6.7-3.el4
refmap via4
confirm
Last major update 19-09-2017 - 01:31
Published 30-07-2010 - 13:26