Bug 566596 (CVE-2010-1028)

Summary: CVE-2010-1028 firefox: unspecified code execution vulnerability (VulnDisco 9.0)
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM
Severity: urgent
Priority: urgent
Version: unspecified
CC: bressers, desktop-bugs, gecko-bugs-nobody
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2010-04-06 19:25:16 UTC

Description Vincent Danen 2010-02-18 22:13:04 UTC
A new release of VulnDisco indicates it contains a 0-day Firefox exploit against version 3.6 and possibly other versions.  The vulnerability is unspecified, but is reportedly able to result in the execution of arbitrary code with the privileges of the user running Firefox.

There is no further information on this flaw currently available.

References:

https://forum.immunityinc.com/board/thread/1161/vulndisco-9-0/
http://secunia.com/advisories/38608/

Comment 2 Josh Bressers 2010-04-06 19:25:16 UTC
This flaw only affected 3.6, and is fixed in 3.6.2. I'm closing this bug.