Home > Vulnerability Database > CVE-2010-3168

Mend.io Vulnerability Database

CVE-2010-3168

Date: September 9, 2010

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties.

Severity Score

8.1

Related Resources (19)

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12001

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2010:173

Url: http://www.vupen.com/english/advisories/2010/2323

Url: http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html

Url: http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox

Url: http://www.vupen.com/english/advisories/2011/0061

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=576075

Url: http://www.mozilla.org/security/announce/2010/mfsa2010-55.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/61653

Url: http://www.securityfocus.com/bid/43108

Url: https://access.redhat.com/security/cve/CVE-2010-3168

Url: http://support.avaya.com/css/P8/documents/100112690

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3168

Url: http://secunia.com/advisories/42867

Url: http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2010-3168

Url: http://support.avaya.com/css/P8/documents/100110210

Url: http://www.debian.org/security/2010/dsa-2106

Url: https://www.mend.io/vulnerability-database/CVE-2010-3168

Severity Score

8.1

Weakness Type (CWE)

Buffer Errors

CWE-119

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2010-3168

Date: September 9, 2010

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?