FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-0175

This CVE name corresponds to:

Entered	Topic
2010-03-30	mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2010-0175 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2010-0175
Phase	Assigned(20100106)

Description

Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items.

References

Source	Reference
BUGTRAQ	20100402 ZDI-10-050: Mozilla Firefox nsTreeSelection EventListener Remote Code Execution Vulnerability
MISC	http://www.zerodayinitiative.com/advisories/ZDI-10-050
CONFIRM	http://www.mozilla.org/security/announce/2010/mfsa2010-17.html
CONFIRM	https://bugzilla.mozilla.org/show_bug.cgi?id=375928
CONFIRM	https://bugzilla.mozilla.org/show_bug.cgi?id=540100
DEBIAN	DSA-2027
FEDORA	FEDORA-2010-5526
FEDORA	FEDORA-2010-5539
FEDORA	FEDORA-2010-5561
MANDRIVA	MDVSA-2010:070
REDHAT	RHSA-2010:0332
REDHAT	RHSA-2010:0333
SUSE	SUSE-SR:2010:013
UBUNTU	USN-921-1
OVAL	oval:org.mitre.oval:def:7546
OVAL	oval:org.mitre.oval:def:9834
SECTRACK	1023780
SECTRACK	1023782
SECUNIA	38566
SECUNIA	39117
SECUNIA	39136
SECUNIA	39204
SECUNIA	39240
SECUNIA	39242
SECUNIA	39243
SECUNIA	39308
SECUNIA	39397
VUPEN	ADV-2010-0748
VUPEN	ADV-2010-0764
VUPEN	ADV-2010-0765
VUPEN	ADV-2010-0781
VUPEN	ADV-2010-0790
VUPEN	ADV-2010-0849
XF	firefox-nstreeselection-code-execution(57390)