Rapid7 Vulnerability & Exploit Database

MFSA2010-55: XUL tree removal crash and remote code execution

Back to Search

MFSA2010-55: XUL tree removal crash and remote code execution

Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
09/07/2010
Created
07/25/2018
Added
09/16/2010
Modified
02/13/2015

Description

It has been reported that XUL <tree> objects could be manipulated such that the setting of certain properties on the object would trigger the removal of the tree from the DOM and cause certain sections of deleted memory to be accessed. In products based on Gecko version 1.9.2 (Firefox 3.6, Thunderbird 3.1) and newer this memory has been overwritten by a value that will cause an unexploitable crash. In products based on Gecko version 1.9.1 (Firefox 3.5, Thunderbird 3.0, and SeaMonkey 2.0) and older an attacker could potentially use this vulnerability to crash a victim's browser and run arbitrary code on their computer.

Solution(s)

  • mozilla-firefox-upgrade-3_6_9
  • mozilla-firefox-upgrade-3_5_12

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;