CVE-2010-0177
Last modified
CVE-2010-0177 is a vulnerability of currently unknown severity. Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a "dangling pointer vulnerability.". EPSS estimates a 6.94% chance of exploitation in the next 30 days.
Description
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a "dangling pointer vulnerability."
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 3.6 |
| Mozilla | Firefox | <= 3.0.17 |
| Mozilla | Firefox | 0.1 |
| Mozilla | Firefox | 0.2 |
| Mozilla | Firefox | 0.3 |
| Mozilla | Firefox | 0.4 |
| Mozilla | Firefox | 0.5 |
| Mozilla | Firefox | 0.6 |
| Mozilla | Firefox | 0.6.1 |
| Mozilla | Firefox | 0.7 |
| Mozilla | Firefox | 0.7.1 |
| Mozilla | Firefox | 0.8 |
| Mozilla | Firefox | 0.9 |
| Mozilla | Firefox | 0.9.1 |
| Mozilla | Firefox | 0.9.2 |
| Mozilla | Firefox | 0.9.3 |
| Mozilla | Firefox | 0.10 |
| Mozilla | Firefox | 0.10.1 |
| Mozilla | Firefox | 1.0 |
| Mozilla | Firefox | 1.0.1 |
| Mozilla | Firefox | 1.0.2 |
| Mozilla | Firefox | 1.0.3 |
| Mozilla | Firefox | 1.0.4 |
| Mozilla | Firefox | 1.0.5 |
| Mozilla | Firefox | 1.0.6 |
| Mozilla | Firefox | 1.0.7 |
| Mozilla | Firefox | 1.0.8 |
| Mozilla | Firefox | 1.5 |
| Mozilla | Firefox | 1.5.0.1 |
| Mozilla | Firefox | 1.5.0.2 |
| Mozilla | Firefox | 1.5.0.3 |
| Mozilla | Firefox | 1.5.0.4 |
| Mozilla | Firefox | 1.5.0.5 |
| Mozilla | Firefox | 1.5.0.6 |
| Mozilla | Firefox | 1.5.0.7 |
| Mozilla | Firefox | 1.5.0.8 |
| Mozilla | Firefox | 1.5.0.9 |
| Mozilla | Firefox | 1.5.0.10 |
| Mozilla | Firefox | 1.5.0.11 |
| Mozilla | Firefox | 1.5.0.12 |
| Mozilla | Firefox | 1.5.1 |
| Mozilla | Firefox | 1.5.2 |
| Mozilla | Firefox | 1.5.3 |
| Mozilla | Firefox | 1.5.4 |
| Mozilla | Firefox | 1.5.5 |
| Mozilla | Firefox | 1.5.6 |
| Mozilla | Firefox | 1.5.7 |
| Mozilla | Firefox | 1.5.8 |
| Mozilla | Firefox | 2.0 |
| Mozilla | Firefox | 2.0.0.1 |
Showing 50 of 129 affected configurations. See NVD for the full list.
References
- http://secunia.com/advisories/38566Vendor Advisory
- http://secunia.com/advisories/39117Vendor Advisory
- http://secunia.com/advisories/39136Vendor Advisory
- http://secunia.com/advisories/39240Vendor Advisory
- http://secunia.com/advisories/39243Vendor Advisory
- http://www.vupen.com/english/advisories/2010/0748Vendor Advisory
- http://www.vupen.com/english/advisories/2010/0764Vendor Advisory
- http://www.vupen.com/english/advisories/2010/0765Vendor Advisory
- http://secunia.com/advisories/38566Vendor Advisory
- http://secunia.com/advisories/39117Vendor Advisory
- http://secunia.com/advisories/39136Vendor Advisory
- http://secunia.com/advisories/39240Vendor Advisory
- http://secunia.com/advisories/39243Vendor Advisory
- http://www.vupen.com/english/advisories/2010/0748Vendor Advisory
- http://www.vupen.com/english/advisories/2010/0764Vendor Advisory
- http://www.vupen.com/english/advisories/2010/0765Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2010-0177?
How severe is CVE-2010-0177?
How do I fix CVE-2010-0177?
Are you affected by CVE-2010-0177?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST