Bug 630064 – CVE-2010-3168 Mozilla XUL tree removal crash and remote code execution (MFSA 2010-55)

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 630064 - (CVE-2010-3168) CVE-2010-3168 Mozilla XUL tree removal crash and remote code execution (MFSA 2010-55)

Summary:	CVE-2010-3168 Mozilla XUL tree removal crash and remote code execution (MFSA ...

Status:	CLOSED ERRATA

Aliases:	CVE-2010-3168

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	urgent Severity urgent
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	public=20100907,reported=20100901,sou...
Keywords:	Security

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2010-09-03 11:56 EDT by Josh Bressers
Modified:	2015-08-19 04:54 EDT (History)
CC List:	5 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2013-04-12 17:52:44 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2010:0680	normal	SHIPPED_LIVE	Critical: seamonkey security update	2010-09-07 21:09:16 EDT
Red Hat Product Errata	RHSA-2010:0681	normal	SHIPPED_LIVE	Critical: firefox security update	2010-09-07 20:33:03 EDT
Red Hat Product Errata	RHSA-2010:0682	normal	SHIPPED_LIVE	Moderate: thunderbird security update	2010-09-07 20:06:28 EDT

Groups: None (edit)

Description Josh Bressers 2010-09-03 11:56:38 EDT

Security researcher regenrecht reported via TippingPoint's Zero Day
Initiative that XUL <tree> objects could be manipulated such that the
setting of certain properties on the object would trigger the removal of
the tree from the DOM and cause certain sections of deleted memory to be
accessed. An attacker could potentially use this vulnerability to crash a
victim's browser and run arbitrary code on their computer.

Comment 1 Vincent Danen 2010-09-07 19:27:13 EDT

This is now public:

http://www.mozilla.org/security/announce/2010/mfsa2010-55.html

Comment 2 errata-xmlrpc 2010-09-07 20:06:51 EDT

This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2010:0682 https://rhn.redhat.com/errata/RHSA-2010-0682.html

Comment 3 errata-xmlrpc 2010-09-07 20:34:04 EDT

This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2010:0681 https://rhn.redhat.com/errata/RHSA-2010-0681.html

Comment 4 errata-xmlrpc 2010-09-07 21:10:13 EDT

This issue has been addressed in following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4

Via RHSA-2010:0680 https://rhn.redhat.com/errata/RHSA-2010-0680.html

Note You need to log in before you can comment on or make changes to this bug.