CVE-2010-2766
Priority
Medium
Description
The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x
before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and
SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes
during normalization, which might allow remote attackers to execute
arbitrary code via vectors involving access to a deleted object.
before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and
SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes
during normalization, which might allow remote attackers to execute
arbitrary code via vectors involving access to a deleted object.
References
Notes
jdstrand> CVEs in Firefox are tracked in the xulrunner source packages for
builds that use the system xulrunner, and firefox source packages for those
that use a static build
xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS (system xul)
xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS (system xul)
xulrunner-1.9: (ignored) reverse dependencies no longer process web content
xulrunner-1.9.1: (ignored) reverese dependencies no longer process web content
xulrunner-1.9.2: system xul for reverese dependencies that process web content
firefox: Ubuntu 6.06 LTS (static build)
firefox: Ubuntu 10.04 LTS and higher (static build of 3.6.x or higher)
firefox-3.0: Ubuntu 8.04 LTS, 9.04 (static build of 3.6.x)
firefox-3.5: Ubuntu 9.04 (ignored, uses system xul 1.9.1. Use 3.0 instead)
firefox-3.5: Ubuntu 9.10 (static build of 3.6.x)
builds that use the system xulrunner, and firefox source packages for those
that use a static build
xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS (system xul)
xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS (system xul)
xulrunner-1.9: (ignored) reverse dependencies no longer process web content
xulrunner-1.9.1: (ignored) reverese dependencies no longer process web content
xulrunner-1.9.2: system xul for reverese dependencies that process web content
firefox: Ubuntu 6.06 LTS (static build)
firefox: Ubuntu 10.04 LTS and higher (static build of 3.6.x or higher)
firefox-3.0: Ubuntu 8.04 LTS, 9.04 (static build of 3.6.x)
firefox-3.5: Ubuntu 9.04 (ignored, uses system xul 1.9.1. Use 3.0 instead)
firefox-3.5: Ubuntu 9.10 (static build of 3.6.x)
Assigned-to
chriscoulson
Package
| Upstream: | needs-triage (Ubuntu source uses 3.6.x) |
| Ubuntu 8.04 LTS (Hardy Heron): | released (3.6.9+build1+nobinonly-0ubuntu0.8.04.1) |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.04 (Natty Narwhal): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
Package
| Upstream: | released (3.6.9) |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (uses system xulrunner) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (3.6.9+build1+nobinonly-0ubuntu0.10.04.1) |
| Ubuntu 11.04 (Natty Narwhal): | released (3.6.9+build1+nobinonly-0ubuntu1 ) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (3.6.9+build1+nobinonly-0ubuntu1 ) |
Package
| Upstream: | needs-triage (Ubuntu source uses 3.6.x) |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.04 (Natty Narwhal): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
Package
| Upstream: | released (2.0.7) |
| Ubuntu 8.04 LTS (Hardy Heron): | released (2.0.8+build1+nobinonly-0ubuntu0.8.04.1) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (2.0.7+build1+nobinonly-0ubuntu0.10.04.1) |
| Ubuntu 11.04 (Natty Narwhal): | released (2.0.7+build1+nobinonly-0ubuntu1) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (2.0.7+build1+nobinonly-0ubuntu1) |
Package
| Upstream: | released (3.0.7, 3.1.3) |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (3.0.7+build1+nobinonly-0ubuntu0.10.04.1) |
| Ubuntu 11.04 (Natty Narwhal): | released (3.1.3+build1+nobinonly-0ubuntu1) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (3.1.3+build1+nobinonly-0ubuntu1) |
Package
| Upstream: | released (1.9.1.12) |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.04 (Natty Narwhal): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
Package
| Upstream: | released (1.9.2.9) |
| Ubuntu 8.04 LTS (Hardy Heron): | released (1.9.2.9+build1+nobinonly-0ubuntu0.8.04.1) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (1.9.2.9+build1+nobinonly-0ubuntu0.10.04.1) |
| Ubuntu 11.04 (Natty Narwhal): | released (1.9.2.9+build1+nobinonly-0ubuntu1) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (1.9.2.9+build1+nobinonly-0ubuntu1) |