Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2010-3183

Опубликовано: 21 окт. 2010
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 9.3

Описание

The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.lookupGetter function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.

РелизСтатусПримечание
dapper

ignored

end of life
devel

released

3.6.11+build3+nobinonly-0ubuntu0.10.10.1
hardy

ignored

end of life
jaunty

DNE

karmic

DNE

lucid

released

3.6.11+build3+nobinonly-0ubuntu0.10.04.1
maverick

released

3.6.11+build3+nobinonly-0ubuntu0.10.10.1
natty

released

3.6.11+build3+nobinonly-0ubuntu0.10.10.1
upstream

released

3.6.11

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

hardy

released

3.6.11+build3+nobinonly-0ubuntu0.8.04.1
jaunty

released

3.6.11+build3+nobinonly-0ubuntu0.9.04.1
karmic

DNE

lucid

DNE

maverick

DNE

natty

DNE

upstream

needs-triage

Ubuntu source uses 3.6.x

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

hardy

DNE

jaunty

released

3.5.14+build3+nobinonly-0ubuntu0.9.04.1
karmic

released

3.6.11+build3+nobinonly-0ubuntu0.9.10.1
lucid

DNE

maverick

DNE

natty

DNE

upstream

needs-triage

Ubuntu source uses 3.6.x

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

released

2.0.9+build1+nobinonly-0ubuntu0.10.10.1
hardy

released

2.0.9+build1+nobinonly-0ubuntu0.8.04.1
jaunty

released

2.0.9+build1+nobinonly-0ubuntu0.9.04.1
karmic

released

2.0.9+build1+nobinonly-0ubuntu0.9.10.1
lucid

released

2.0.9+build1+nobinonly-0ubuntu0.10.04.1
maverick

released

2.0.9+build1+nobinonly-0ubuntu0.10.10.1
natty

released

2.0.9+build1+nobinonly-0ubuntu0.10.10.1
upstream

released

2.0.9

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

released

3.1.5+build1+nobinonly-0ubuntu0.10.10.1
hardy

ignored

end of life
jaunty

ignored

end of life
karmic

ignored

end of life
lucid

released

3.0.9+build1+nobinonly-0ubuntu0.10.04.1
maverick

released

3.1.5+build1+nobinonly-0ubuntu0.10.10.1
natty

released

3.1.5+build1+nobinonly-0ubuntu0.10.10.1
upstream

released

3.0.9, 3.1.5

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

hardy

DNE

jaunty

released

1.9.1.14+build4+nobinonly-0ubuntu0.9.04.1
karmic

released

1.9.1.14+build4+nobinonly-0ubuntu0.9.10.1
lucid

DNE

maverick

DNE

natty

DNE

upstream

released

1.9.1.14

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

released

1.9.2.11+build3+nobinonly-0ubuntu0.10.10.1
hardy

released

1.9.2.11+build3+nobinonly-0ubuntu0.8.04.1
jaunty

released

1.9.2.11+build3+nobinonly-0ubuntu0.9.04.1
karmic

released

1.9.2.11+build3+nobinonly-0ubuntu0.9.10.1
lucid

released

1.9.2.11+build3+nobinonly-0ubuntu0.10.04.1
maverick

released

1.9.2.11+build3+nobinonly-0ubuntu0.10.10.1
natty

released

1.9.2.11+build3+nobinonly-0ubuntu0.10.10.1
upstream

released

1.9.2.11

Показывать по

Ссылки на источники

EPSS

Процентиль: 90%
0.06263
Низкий

9.3 Critical

CVSS2

Связанные уязвимости

redhat логотип

CVE-2010-3183

redhat
больше 14 лет назад

The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.

nvd логотип

CVE-2010-3183

nvd
больше 14 лет назад

The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.

debian логотип

CVE-2010-3183

debian
больше 14 лет назад

The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox bef ...

github логотип

GHSA-254p-9j5r-3fvc

github
около 3 лет назад

The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.

oracle-oval логотип

ELSA-2010-0782

oracle-oval
больше 14 лет назад

ELSA-2010-0782: firefox security update (CRITICAL)

EPSS

Процентиль: 90%
0.06263
Низкий

9.3 Critical

CVSS2

Уязвимость CVE-2010-3183