CVE-2010-1121 Information

Description

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.

Reference

http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://news.cnet.com/8301-27080_3-20001126-245.html http://secunia.com/advisories/40323 http://secunia.com/advisories/40326 http://secunia.com/advisories/40401 http://secunia.com/advisories/40481 http://support.avaya.com/css/P8/documents/100091069 http://twitter.com/thezdi/statuses/11005277222 http://ubuntu.com/usn/usn-930-1 http://www.mozilla.org/security/announce/2010/mfsa2010-25.html http://www.redhat.com/support/errata/RHSA-2010-0500.html http://www.redhat.com/support/errata/RHSA-2010-0501.html http://www.securitytracker.com/id?1023817 http://www.ubuntu.com/usn/usn-930-2 http://www.vupen.com/english/advisories/2010/1557 http://www.vupen.com/english/advisories/2010/1592 http://www.vupen.com/english/advisories/2010/1640 http://www.vupen.com/english/advisories/2010/1773 https://bugzilla.mozilla.org/show_bug.cgi?id=555109 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10924 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6844