CVE-2010-2766

Priority
Medium
Description
The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x
before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and
SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes
during normalization, which might allow remote attackers to execute
arbitrary code via vectors involving access to a deleted object.
References
Notes
jdstrand> CVEs in Firefox are tracked in the xulrunner source packages for
builds that use the system xulrunner, and firefox source packages for those
that use a static build
xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS (system xul)
xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS (system xul)
xulrunner-1.9: (ignored) reverse dependencies no longer process web content
xulrunner-1.9.1: (ignored) reverese dependencies no longer process web content
xulrunner-1.9.2: system xul for reverese dependencies that process web content
firefox: Ubuntu 6.06 LTS (static build)
firefox: Ubuntu 10.04 LTS and higher (static build of 3.6.x or higher)
firefox-3.0: Ubuntu 8.04 LTS, 9.04 (static build of 3.6.x)
firefox-3.5: Ubuntu 9.04 (ignored, uses system xul 1.9.1. Use 3.0 instead)
firefox-3.5: Ubuntu 9.10 (static build of 3.6.x)
Assigned-to
chriscoulson
Package
Upstream:needs-triage (Ubuntu source uses 3.6.x)
Ubuntu 8.04 LTS (Hardy Heron):released (3.6.9+build1+nobinonly-0ubuntu0.8.04.1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Package
Upstream:released (3.6.9)
Ubuntu 8.04 LTS (Hardy Heron):ignored (uses system xulrunner)
Ubuntu 10.04 LTS (Lucid Lynx):released (3.6.9+build1+nobinonly-0ubuntu0.10.04.1)
Ubuntu 11.04 (Natty Narwhal):released (3.6.9+build1+nobinonly-0ubuntu1 )
Ubuntu 11.10 (Oneiric Ocelot):released (3.6.9+build1+nobinonly-0ubuntu1 )
Package
Upstream:needs-triage (Ubuntu source uses 3.6.x)
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Package
Upstream:released (2.0.7)
Ubuntu 8.04 LTS (Hardy Heron):released (2.0.8+build1+nobinonly-0ubuntu0.8.04.1)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.0.7+build1+nobinonly-0ubuntu0.10.04.1)
Ubuntu 11.04 (Natty Narwhal):released (2.0.7+build1+nobinonly-0ubuntu1)
Ubuntu 11.10 (Oneiric Ocelot):released (2.0.7+build1+nobinonly-0ubuntu1)
Package
Upstream:released (3.0.7, 3.1.3)
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):released (3.0.7+build1+nobinonly-0ubuntu0.10.04.1)
Ubuntu 11.04 (Natty Narwhal):released (3.1.3+build1+nobinonly-0ubuntu1)
Ubuntu 11.10 (Oneiric Ocelot):released (3.1.3+build1+nobinonly-0ubuntu1)
Package
Upstream:released (1.9.1.12)
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Package
Upstream:released (1.9.2.9)
Ubuntu 8.04 LTS (Hardy Heron):released (1.9.2.9+build1+nobinonly-0ubuntu0.8.04.1)
Ubuntu 10.04 LTS (Lucid Lynx):released (1.9.2.9+build1+nobinonly-0ubuntu0.10.04.1)
Ubuntu 11.04 (Natty Narwhal):released (1.9.2.9+build1+nobinonly-0ubuntu1)
Ubuntu 11.10 (Oneiric Ocelot):released (1.9.2.9+build1+nobinonly-0ubuntu1)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:21:13 UTC (commit 5347)