CVE-2010-3183 Information
Description
The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.lookupGetter function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.
Reference
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
http://secunia.com/advisories/42867
http://support.avaya.com/css/P8/documents/100120156
http://www.debian.org/security/2010/dsa-2124
http://www.mandriva.com/security/advisories?name=MDVSA-2010:210
http://www.mandriva.com/security/advisories?name=MDVSA-2010:211
http://www.mozilla.org/security/announce/2010/mfsa2010-67.html
http://www.redhat.com/support/errata/RHSA-2010-0782.html
http://www.redhat.com/support/errata/RHSA-2010-0861.html
http://www.redhat.com/support/errata/RHSA-2010-0896.html
http://www.securityfocus.com/bid/44249
http://www.ubuntu.com/usn/USN-997-1
http://www.ubuntu.com/usn/USN-998-1
http://www.vupen.com/english/advisories/2011/0061
http://www.zerodayinitiative.com/advisories/ZDI-10-219/
https://bugzilla.mozilla.org/show_bug.cgi?id=598669
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11891