Detections
Analytics
CVE-2010-3183
critical
Description
The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11891
https://bugzilla.mozilla.org/show_bug.cgi?id=598669
http://www.zerodayinitiative.com/advisories/ZDI-10-219/
http://www.vupen.com/english/advisories/2011/0061
http://www.ubuntu.com/usn/USN-998-1
http://www.ubuntu.com/usn/USN-997-1
http://www.securityfocus.com/bid/44249
http://www.redhat.com/support/errata/RHSA-2010-0896.html
http://www.redhat.com/support/errata/RHSA-2010-0861.html
http://www.redhat.com/support/errata/RHSA-2010-0782.html
http://www.mozilla.org/security/announce/2010/mfsa2010-67.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:211
http://www.mandriva.com/security/advisories?name=MDVSA-2010:210
http://www.debian.org/security/2010/dsa-2124
http://support.avaya.com/css/P8/documents/100120156
http://secunia.com/advisories/42867
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox