Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a dangling pointer vulnerability.
NOTE: The following CVSS v2.0 metrics and score provided are preliminary and subject to review.
|Base Score:||9.3||Base Metrics:||AV:N/AC:M/Au:N/C:C/I:C/A:C|
|Access Vector:||Network||Attack Complexity:||Medium|
|Authentication:||None required||Confidentiality Impact:||Complete|
|Integrity Impact:||Complete||Availability Impact:||Complete|
|Oracle Enterprise Linux version 3 (seamonkey)||ELSA-2010-0333||2010-03-30|
|Oracle Enterprise Linux version 4 (firefox)||ELSA-2010-0332||2010-03-31|
|Oracle Enterprise Linux version 4 (seamonkey)||ELSA-2010-0333||2010-03-30|
|Oracle Enterprise Linux version 4 (thunderbird)||ELSA-2010-0544||2010-07-21|
|Oracle Linux version 5 (firefox)||ELSA-2010-0332||2010-03-31|
|Oracle Linux version 5 (xulrunner)||ELSA-2010-0332||2010-03-31|
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team