CVE DATABASE / CVE-2010-1208
CVE-2010-1208
CVSS 8.8 · HIGH
Summary
Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.
CVSS 3.1 breakdown
| Base score | 8.8 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Mozilla firefoxMozilla seamonkey
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://www.mozilla.org/security/announce/2010/mfsa2010-35.html
- http://www.securityfocus.com/archive/1/512515
- http://www.securityfocus.com/bid/41849
- http://www.zerodayinitiative.com/advisories/ZDI-10-134/
- https://bugzilla.mozilla.org/show_bug.cgi?id=572986
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11740
Data: NIST NVD. NVD last modified 2026-04-29. Always verify against the vendor advisory before acting.