Vulnerability Details : CVE-2010-1121
Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.
Vulnerability category: Memory CorruptionExecute code
Exploit prediction scoring system (EPSS) score for CVE-2010-1121
Probability of exploitation activity in the next 30 days: 27.40%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-1121
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2010-1121
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-1121
-
http://www.vupen.com/english/advisories/2010/1640
Webmail | OVH- OVHVendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=555109
555109 - (CVE-2010-1121) Move wrappers to new scope even if their parent hasn't been moved yet (ZDI-CAN-761)
-
http://www.vupen.com/english/advisories/2010/1592
Webmail | OVH- OVH
-
http://ubuntu.com/usn/usn-930-1
USN-930-1: Firefox and Xulrunner vulnerabilities | Ubuntu security notices
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10924
Repository / Oval Repository
-
http://twitter.com/thezdi/statuses/11005277222
Zero Day Initiative on Twitter: "Nils from MWR InfoSecurity (@MWRLabs) succeeded against Firefox on Windows 7 with the quintessential calc.exe launching payload."
-
http://www.mozilla.org/security/announce/2010/mfsa2010-25.html
Re-use of freed object due to scope confusion — MozillaVendor Advisory
-
http://www.ubuntu.com/usn/usn-930-2
USN-930-2: apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update | Ubuntu security notices
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html
[SECURITY] Fedora 12 Update: firefox-3.5.10-1.fc12
-
http://www.redhat.com/support/errata/RHSA-2010-0500.html
Support
-
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html
[security-announce] SUSE Security Announcement: Mozilla Firefox (SUSE-SA
-
http://www.securitytracker.com/id?1023817
Mozilla Firefox Memory Re-use Error Lets Remote Users Execute Arbitrary Code - SecurityTracker
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html
[SECURITY] Fedora 13 Update: firefox-3.6.4-1.fc13
-
http://news.cnet.com/8301-27080_3-20001126-245.html
Page Not Found (404) - CNET
-
http://www.vupen.com/english/advisories/2010/1557
Webmail | OVH- OVHVendor Advisory
-
http://www.redhat.com/support/errata/RHSA-2010-0501.html
Support
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6844
Repository / Oval Repository
-
http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010
Threat Intelligence | Digital Vaccine® | ThreatLinQ | Trend Micro
-
http://www.vupen.com/english/advisories/2010/1773
Webmail | OVH- OVHVendor Advisory
-
http://support.avaya.com/css/P8/documents/100091069
ASA-2010-165 (RHSA-2010-0500)
Products affected by CVE-2010-1121
- cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.1:*:*:*:*:*:*:*