Oval Definition:oval:org.mitre.oval:def:11969
Revision Date:2014-10-06Version:33
Title:Mozilla Multiple Products navigator.plugins DOM Plugin Array Destruction Navigator Object Dangling Pointer Arbitrary Code Execution
Description:The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2010-2767
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Mozilla Firefox
Mozilla SeaMonkey
Mozilla Thunderbird
Definition Synopsis
  • Check for vulnerable Firefox
  • Mozilla Firefox Mainline release is installed
  • AND Check for vulnerable version
  • Mozilla Firefox Mainline version is 3.5.x before 3.5.12
  • OR Mozilla Firefox Mainline version is 3.6.x before 3.6.9
  • OR Check for vulnerable SeaMonkey
  • Mozilla Seamonkey is installed
  • AND Mozilla Seamonkey version less than 2.0.7
  • OR Check for vulnerable Thunderbird
  • Mozilla Thunderbird Mainline release is installed
  • AND Thunderbird version is 3.1.x before 3.1.3 or 3.0.x before 3.0.7
  • Mozilla Thunderbird 3.1.x before 3.1.3
  • OR Mozilla Thunderbird 3.0.x before 3.0.7
    • BACK