Oval Definition:oval:org.mitre.oval:def:11891
Revision Date:2014-10-06Version:34
Title:Vulnerability in the LookupGetterOrSetter function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
Description:The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2010-3183
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Definition Synopsis
  • Mozilla Firefox and version before 3.5.14 and 3.6.x before 3.6.11
  • Mozilla Firefox Mainline release is installed
  • AND Check for vulnerable version
  • Mozilla Firefox Mainline version is before 3.5.14
  • OR Mozilla Firefox Mainline version is 3.6.x before 3.6.11
  • OR Mozilla Thunderbird and version before 3.0.9 and 3.1.x before 3.1.5
  • Mozilla Thunderbird Mainline release is installed
  • AND Thunderbird version is less than 3.0.9 or 3.1.x before 3.1.5
  • Check if Mozilla Thunderbird version is before 3.0.9
  • OR Check if Mozilla Thunderbird version is 3.1.x before 3.1.5
  • OR Mozilla Seamonkey and version less than 2.0.9
  • Mozilla Seamonkey is installed
  • AND Check if the version of Mozilla Seamonkey is less than 2.0.9
    • BACK