Rapid7 Vulnerability & Exploit Database

MFSA2010-56: Dangling pointer vulnerability in nsTreeContentView

Back to Search

MFSA2010-56: Dangling pointer vulnerability in nsTreeContentView

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

09/07/2010

Created

07/25/2018

Added

09/16/2010

Modified

02/13/2015

Description

It has been reported that the implementation of XUL <tree>'s content view contains a dangling pointer vulnerability. One of the content view's methods for accessing the internal structure of the tree could be manipulated into removing a node prior to accessing it, resulting in the accessing of deleted memory. If an attacker can control the contents of the deleted memory prior to its access they could use this vulnerability to run arbitrary code on a victim's machine.

Solution(s)

mozilla-firefox-upgrade-3_6_9
mozilla-firefox-upgrade-3_5_12

References

https://attackerkb.com/topics/cve-2010-3167
43097
CVE - 2010-3167
DSA-2106
OVAL12136
SUSE-SA:2010:049
http://www.mozilla.org/security/announce/2010/mfsa2010-56.html
61661

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

MFSA2010-56: Dangling pointer vulnerability in nsTreeContentView