New Search

Vulnerability in the LookupGetterOrSetter function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11 Thunderbird before 3.0.9 and 3.1.x before 3.1.5 and SeaMonkey before 2.0.9

oval:org.mitre.oval:def:11891

The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11 Thunderbird before 3.0.9 and 3.1.x before 3.1.5 and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 7
  • Microsoft Windows Server 2003
  • Microsoft Windows Vista
  • Microsoft Windows 2000
  • Microsoft Windows Server 2008
  • Microsoft Windows XP
Class:
vulnerability
Reference(s):
  • CVE-2010-3183
Product(s):
  • Mozilla Thunderbird
  • Mozilla Seamonkey
  • Mozilla Firefox