Common Vulnerabilities and Exposures assigned an identifier CVE-2010-1121 to the following vulnerability: Name: CVE-2010-1121 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1121 Assigned: 20100325 Reference: MISC: http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010 Reference: MISC: http://news.cnet.com/8301-27080_3-20001126-245.html Reference: MISC: http://twitter.com/thezdi/statuses/11005277222 Unspecified vulnerability in Mozilla Firefox 3 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010. NOTE: no details of the vulnerability are currently known. It is also unknown whether this flaw only affects Firefox on Windows, what versions of Firefox are affected, or whether it is exploitable on Linux.
xulrunner-1.9.2.3-1.fc13,firefox-3.6.3-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/xulrunner-1.9.2.3-1.fc13,firefox-3.6.3-1.fc13
xulrunner-1.9.2.3-1.fc13, firefox-3.6.3-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2010:0500 https://rhn.redhat.com/errata/RHSA-2010-0500.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0501 https://rhn.redhat.com/errata/RHSA-2010-0501.html
The reason we stated we fixed this CVE even though it originally was stated as only affecting Firefox 3.6.x was due to the comment at http://www.mozilla.org/security/announce/2010/mfsa2010-25.html Updated (June 22, 2010): Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0 based on earlier versions of the browser engine were patched just in case there is an alternate way of triggering the underlying flaw. We've left the impact as critical but changed the public= date to match the date that it was public that versions <3.6.x potentially could be affected.
seamonkey-2.0.5-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/seamonkey-2.0.5-1.fc12
seamonkey-2.0.5-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/seamonkey-2.0.5-1.fc13
firefox-3.5.10-1.fc12,xulrunner-1.9.1.10-1.fc12,mozvoikko-1.0-10.fc12,gnome-web-photo-0.9-7.fc12,gnome-python2-extras-2.25.3-18.fc12,perl-Gtk2-MozEmbed-0.08-6.fc12.13,galeon-2.0.7-23.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/firefox-3.5.10-1.fc12,xulrunner-1.9.1.10-1.fc12,mozvoikko-1.0-10.fc12,gnome-web-photo-0.9-7.fc12,gnome-python2-extras-2.25.3-18.fc12,perl-Gtk2-MozEmbed-0.08-6.fc12.13,galeon-2.0.7-23.fc12
seamonkey-2.0.5-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
xulrunner-1.9.1.10-1.fc12, mozvoikko-1.0-10.fc12, gnome-web-photo-0.9-7.fc12, gnome-python2-extras-2.25.3-18.fc12, perl-Gtk2-MozEmbed-0.08-6.fc12.13, galeon-2.0.7-23.fc12, firefox-3.5.10-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
seamonkey-2.0.5-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
thunderbird-3.0.6-1.fc12, sunbird-1.0-0.23.20090916hg.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.