Fluid Attacks Database

Description

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel5	thunderbird	<0:2.0.0.24-8.el5	0:2.0.0.24-8.el5
rpm rhel5	xulrunner	<0:1.9.2.9-1.el5	0:1.9.2.9-1.el5
rpm rhel5	firefox	<0:3.6.9-2.el5	0:3.6.9-2.el5
rpm rhel5	nspr	<0:4.8.6-1.el5	0:4.8.6-1.el5
rpm rhel5	nss	<0:3.12.7-2.el5	0:3.12.7-2.el5

Aliases

1. CVE-2010-31682. NVD-2010-31683. OSV-2010-3168

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.