CVE-2010-3167: Buffer Overflow
First published: Thu Sep 09 2010(Updated: )
The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a "dangling pointer vulnerability."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | =3.6.2 | |
| Firefox | =3.6.3 | |
| Firefox | =3.6.8 | |
| Firefox | =3.6.6 | |
| Firefox | =3.6.7 | |
| Firefox | =3.6.4 | |
| Firefox | =3.6 | |
| Mozilla SeaMonkey | =1.1.10 | |
| Mozilla SeaMonkey | =1.0.3 | |
| Mozilla SeaMonkey | =1.1.8 | |
| Mozilla SeaMonkey | =1.0.1 | |
| Mozilla SeaMonkey | =1.1.7 | |
| Mozilla SeaMonkey | =1.5.0.10 | |
| Mozilla SeaMonkey | =1.0.6 | |
| Mozilla SeaMonkey | =1.0.9 | |
| Mozilla SeaMonkey | =1.1.3 | |
| Mozilla SeaMonkey | =2.0a1pre | |
| Mozilla SeaMonkey | =2.0.4 | |
| Mozilla SeaMonkey | =1.0 | |
| Mozilla SeaMonkey | =2.0.3 | |
| Mozilla SeaMonkey | =2.0.2 | |
| Mozilla SeaMonkey | =1.1.17 | |
| Mozilla SeaMonkey | =2.0-alpha_2 | |
| Mozilla SeaMonkey | =1.1.5 | |
| Mozilla SeaMonkey | =1.0.7 | |
| Mozilla SeaMonkey | =1.0-beta | |
| Mozilla SeaMonkey | =1.1-alpha | |
| Mozilla SeaMonkey | =2.0-rc2 | |
| Mozilla SeaMonkey | =2.0-alpha_3 | |
| Mozilla SeaMonkey | =1.0-alpha | |
| Mozilla SeaMonkey | =1.1.12 | |
| Mozilla SeaMonkey | =1.1 | |
| Mozilla SeaMonkey | =1.1.14 | |
| Mozilla SeaMonkey | =1.1.2 | |
| Mozilla SeaMonkey | =2.0-beta_2 | |
| Mozilla SeaMonkey | =1.0.2 | |
| Mozilla SeaMonkey | =1.0.8 | |
| Mozilla SeaMonkey | <=2.0.6 | |
| Mozilla SeaMonkey | =1.1.11 | |
| Mozilla SeaMonkey | =2.0-alpha_1 | |
| Mozilla SeaMonkey | =1.5.0.9 | |
| Mozilla SeaMonkey | =1.1-beta | |
| Mozilla SeaMonkey | =1.1.1 | |
| Mozilla SeaMonkey | =1.5.0.8 | |
| Mozilla SeaMonkey | =2.0.1 | |
| Mozilla SeaMonkey | =1.0.5 | |
| Mozilla SeaMonkey | =1.1.15 | |
| Mozilla SeaMonkey | =1.1.6 | |
| Mozilla SeaMonkey | =1.1.16 | |
| Mozilla SeaMonkey | =2.0-beta_1 | |
| Mozilla SeaMonkey | =1.1.19 | |
| Mozilla SeaMonkey | =2.0.5 | |
| Mozilla SeaMonkey | =2.0-rc1 | |
| Mozilla SeaMonkey | =1.0.4 | |
| Mozilla SeaMonkey | =1.1.9 | |
| Mozilla SeaMonkey | =1.1.13 | |
| Mozilla SeaMonkey | =1.1.18 | |
| Mozilla SeaMonkey | =2.0 | |
| Mozilla SeaMonkey | =1.1.4 | |
| Thunderbird | =3.0.5 | |
| Thunderbird | =1.5.0.7 | |
| Thunderbird | =0.6 | |
| Thunderbird | =0.7.2 | |
| Thunderbird | =2.0.0.4 | |
| Thunderbird | =2.0.0.6 | |
| Thunderbird | =0.3 | |
| Thunderbird | =2.0.0.21 | |
| Thunderbird | =3.0.1 | |
| Thunderbird | =0.2 | |
| Thunderbird | =3.1.2 | |
| Thunderbird | =3.1.1 | |
| Thunderbird | =1.0.7 | |
| Thunderbird | =2.0.0.18 | |
| Thunderbird | =2.0.0.9 | |
| Thunderbird | =2.0.0.16 | |
| Thunderbird | =2.0.0.8 | |
| Thunderbird | =2.0.0.7 | |
| Thunderbird | =1.5.0.3 | |
| Thunderbird | =1.5.0.10 | |
| Thunderbird | =1.5.0.5 | |
| Thunderbird | =1.5.0.6 | |
| Thunderbird | =1.0 | |
| Thunderbird | =2.0.0.3 | |
| Thunderbird | <=3.0.6 | |
| Thunderbird | =1.0.1 | |
| Thunderbird | =1.5-beta2 | |
| Thunderbird | =2.0.0.2 | |
| Thunderbird | =3.0.3 | |
| Thunderbird | =1.0.2 | |
| Thunderbird | =2.0.0.0 | |
| Thunderbird | =1.5.0.13 | |
| Thunderbird | =2.0.0.12 | |
| Thunderbird | =2.0.0.22 | |
| Thunderbird | =1.5 | |
| Thunderbird | =1.5.0.2 | |
| Thunderbird | =1.5.0.8 | |
| Thunderbird | =2.0.0.14 | |
| Thunderbird | =3.0.4 | |
| Thunderbird | =0.5 | |
| Thunderbird | =1.0.4 | |
| Thunderbird | =1.5.2 | |
| Thunderbird | =2.0.0.17 | |
| Thunderbird | =2.0.0.23 | |
| Thunderbird | =1.5.0.9 | |
| Thunderbird | =1.5.0.11 | |
| Thunderbird | =0.9 | |
| Thunderbird | =1.0.3 | |
| Thunderbird | =2.0 | |
| Thunderbird | =3.0 | |
| Thunderbird | =1.5.0.12 | |
| Thunderbird | =0.7.3 | |
| Thunderbird | =0.4 | |
| Thunderbird | =1.5.1 | |
| Thunderbird | =0.7 | |
| Thunderbird | =1.5.0.14 | |
| Thunderbird | =3.1 | |
| Thunderbird | =1.0.6 | |
| Thunderbird | =2.0.0.5 | |
| Thunderbird | =2.0.0.1 | |
| Thunderbird | =1.5.0.1 | |
| Thunderbird | =1.0.8 | |
| Thunderbird | =0.1 | |
| Thunderbird | =0.7.1 | |
| Thunderbird | =1.0.5 | |
| Thunderbird | =0.8 | |
| Thunderbird | =3.0.2 | |
| Thunderbird | =2.0.0.19 | |
| Thunderbird | =1.5.0.4 | |
| Firefox | =2.0.0.12 | |
| Firefox | =1.5-beta2 | |
| Firefox | =3.0.17 | |
| Firefox | =3.5.3 | |
| Firefox | =3.0.7 | |
| Firefox | =1.5.2 | |
| Firefox | =3.0.9 | |
| Firefox | =1.5.0.6 | |
| Firefox | =2.0.0.2 | |
| Firefox | =1.5.0.10 | |
| Firefox | =1.5.0.3 | |
| Firefox | =3.5.6 | |
| Firefox | =3.0.8 | |
| Firefox | =1.5.0.11 | |
| Firefox | =1.5.4 | |
| Firefox | =1.0.2 | |
| Firefox | =3.5 | |
| Firefox | =3.5.5 | |
| Firefox | =3.0.4 | |
| Firefox | =1.5-beta1 | |
| Firefox | =3.5.9 | |
| Firefox | =3.5.4 | |
| Firefox | =3.5.7 | |
| Firefox | =3.0.5 | |
| Firefox | =1.5 | |
| Firefox | =1.0.4 | |
| Firefox | =2.0.0.7 | |
| Firefox | =1.0.7 | |
| Firefox | =3.5.10 | |
| Firefox | =3.5.1 | |
| Firefox | =2.0.0.9 | |
| Firefox | =3.0.14 | |
| Firefox | =3.5.2 | |
| Firefox | =2.0.0.16 | |
| Firefox | =1.5.6 | |
| Firefox | =2.0.0.17 | |
| Firefox | =2.0.0.15 | |
| Firefox | =3.0.10 | |
| Firefox | =3.0.12 | |
| Firefox | =1.0 | |
| Firefox | =3.0.3 | |
| Firefox | =1.5.0.7 | |
| Firefox | =2.0 | |
| Firefox | =1.0.1 | |
| Firefox | =2.0.0.14 | |
| Firefox | =3.0.6 | |
| Firefox | =3.0.15 | |
| Firefox | =1.5.0.8 | |
| Firefox | =2.0.0.3 | |
| Firefox | =1.5.0.9 | |
| Firefox | =1.5.0.5 | |
| Firefox | =1.5.7 | |
| Firefox | =1.5.0.12 | |
| Firefox | =2.0.0.6 | |
| Firefox | <=3.5.11 | |
| Firefox | =3.0 | |
| Firefox | =2.0.0.11 | |
| Firefox | =1.5.0.2 | |
| Firefox | =1.0.3 | |
| Firefox | =3.0.1 | |
| Firefox | =2.0.0.4 | |
| Firefox | =1.5.1 | |
| Firefox | =2.0.0.13 | |
| Firefox | =2.0.0.18 | |
| Firefox | =2.0.0.1 | |
| Firefox | =3.0.2 | |
| Firefox | =3.5.8 | |
| Firefox | =1.5.5 | |
| Firefox | =1.0-preview_release | |
| Firefox | =2.0.0.20 | |
| Firefox | =2.0.0.8 | |
| Firefox | =2.0.0.19 | |
| Firefox | =1.5.8 | |
| Firefox | =1.5.3 | |
| Firefox | =1.5.0.4 | |
| Firefox | =1.5.0.1 | |
| Firefox | =3.0.13 | |
| Firefox | =1.0.5 | |
| Firefox | =2.0.0.5 | |
| Firefox | =2.0.0.10 | |
| Firefox | =1.0.6 | |
| Firefox | =3.0.16 | |
| Firefox | =1.0.8 | |
| Firefox | =3.0.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html
- http://secunia.com/advisories/42867
- http://support.avaya.com/css/P8/documents/100110210
- http://support.avaya.com/css/P8/documents/100112690
- http://www.debian.org/security/2010/dsa-2106
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:173
- http://www.mozilla.org/security/announce/2010/mfsa2010-56.html
- http://www.securityfocus.com/bid/43097
- http://www.vupen.com/english/advisories/2010/2323
- http://www.vupen.com/english/advisories/2011/0061
- http://www.zerodayinitiative.com/advisories/ZDI-10-171/
- https://bugzilla.mozilla.org/show_bug.cgi?id=576070
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61661
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12136
Frequently Asked Questions
What is the severity of CVE-2010-3167?
CVE-2010-3167 is classified as a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2010-3167?
To fix CVE-2010-3167, update Mozilla Firefox, Thunderbird, or SeaMonkey to the latest version that addresses this vulnerability.
Which versions of software are affected by CVE-2010-3167?
CVE-2010-3167 affects Mozilla Firefox versions before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7.
Can CVE-2010-3167 be exploited remotely?
Yes, CVE-2010-3167 can be exploited remotely, allowing attackers to execute arbitrary code.
What should I do if I cannot update to fix CVE-2010-3167?
If you cannot update, consider temporarily using alternative software or apply security boundaries such as network segmentation to mitigate risks.
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/firefox
- version/firefox/3.6.2
- version/firefox/3.6.3
- version/firefox/3.6.8
- version/firefox/3.6.6
- version/firefox/3.6.7
- version/firefox/3.6.4
- version/firefox/3.6
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.1.10
- version/mozilla seamonkey/1.0.3
- version/mozilla seamonkey/1.1.8
- version/mozilla seamonkey/1.0.1
- version/mozilla seamonkey/1.1.7
- version/mozilla seamonkey/1.5.0.10
- version/mozilla seamonkey/1.0.6
- version/mozilla seamonkey/1.0.9
- version/mozilla seamonkey/1.1.3
- version/mozilla seamonkey/2.0a1pre
- version/mozilla seamonkey/2.0.4
- version/mozilla seamonkey/1.0
- version/mozilla seamonkey/2.0.3
- version/mozilla seamonkey/2.0.2
- version/mozilla seamonkey/1.1.17
- version/mozilla seamonkey/2.0-alpha_2
- version/mozilla seamonkey/1.1.5
- version/mozilla seamonkey/1.0.7
- version/mozilla seamonkey/1.0-beta
- version/mozilla seamonkey/1.1-alpha
- version/mozilla seamonkey/2.0-rc2
- version/mozilla seamonkey/2.0-alpha_3
- version/mozilla seamonkey/1.0-alpha
- version/mozilla seamonkey/1.1.12
- version/mozilla seamonkey/1.1
- version/mozilla seamonkey/1.1.14
- version/mozilla seamonkey/1.1.2
- version/mozilla seamonkey/2.0-beta_2
- version/mozilla seamonkey/1.0.2
- version/mozilla seamonkey/1.0.8
- version/mozilla seamonkey/2.0.6
- version/mozilla seamonkey/1.1.11
- version/mozilla seamonkey/2.0-alpha_1
- version/mozilla seamonkey/1.5.0.9
- version/mozilla seamonkey/1.1-beta
- version/mozilla seamonkey/1.1.1
- version/mozilla seamonkey/1.5.0.8
- version/mozilla seamonkey/2.0.1
- version/mozilla seamonkey/1.0.5
- version/mozilla seamonkey/1.1.15
- version/mozilla seamonkey/1.1.6
- version/mozilla seamonkey/1.1.16
- version/mozilla seamonkey/2.0-beta_1
- version/mozilla seamonkey/1.1.19
- version/mozilla seamonkey/2.0.5
- version/mozilla seamonkey/2.0-rc1
- version/mozilla seamonkey/1.0.4
- version/mozilla seamonkey/1.1.9
- version/mozilla seamonkey/1.1.13
- version/mozilla seamonkey/1.1.18
- version/mozilla seamonkey/2.0
- version/mozilla seamonkey/1.1.4
- canonical/thunderbird
- version/thunderbird/3.0.5
- version/thunderbird/1.5.0.7
- version/thunderbird/0.6
- version/thunderbird/0.7.2
- version/thunderbird/2.0.0.4
- version/thunderbird/2.0.0.6
- version/thunderbird/0.3
- version/thunderbird/2.0.0.21
- version/thunderbird/3.0.1
- version/thunderbird/0.2
- version/thunderbird/3.1.2
- version/thunderbird/3.1.1
- version/thunderbird/1.0.7
- version/thunderbird/2.0.0.18
- version/thunderbird/2.0.0.9
- version/thunderbird/2.0.0.16
- version/thunderbird/2.0.0.8
- version/thunderbird/2.0.0.7
- version/thunderbird/1.5.0.3
- version/thunderbird/1.5.0.10
- version/thunderbird/1.5.0.5
- version/thunderbird/1.5.0.6
- version/thunderbird/1.0
- version/thunderbird/2.0.0.3
- version/thunderbird/3.0.6
- version/thunderbird/1.0.1
- version/thunderbird/1.5-beta2
- version/thunderbird/2.0.0.2
- version/thunderbird/3.0.3
- version/thunderbird/1.0.2
- version/thunderbird/2.0.0.0
- version/thunderbird/1.5.0.13
- version/thunderbird/2.0.0.12
- version/thunderbird/2.0.0.22
- version/thunderbird/1.5
- version/thunderbird/1.5.0.2
- version/thunderbird/1.5.0.8
- version/thunderbird/2.0.0.14
- version/thunderbird/3.0.4
- version/thunderbird/0.5
- version/thunderbird/1.0.4
- version/thunderbird/1.5.2
- version/thunderbird/2.0.0.17
- version/thunderbird/2.0.0.23
- version/thunderbird/1.5.0.9
- version/thunderbird/1.5.0.11
- version/thunderbird/0.9
- version/thunderbird/1.0.3
- version/thunderbird/2.0
- version/thunderbird/3.0
- version/thunderbird/1.5.0.12
- version/thunderbird/0.7.3
- version/thunderbird/0.4
- version/thunderbird/1.5.1
- version/thunderbird/0.7
- version/thunderbird/1.5.0.14
- version/thunderbird/3.1
- version/thunderbird/1.0.6
- version/thunderbird/2.0.0.5
- version/thunderbird/2.0.0.1
- version/thunderbird/1.5.0.1
- version/thunderbird/1.0.8
- version/thunderbird/0.1
- version/thunderbird/0.7.1
- version/thunderbird/1.0.5
- version/thunderbird/0.8
- version/thunderbird/3.0.2
- version/thunderbird/2.0.0.19
- version/thunderbird/1.5.0.4
- version/firefox/2.0.0.12
- version/firefox/1.5-beta2
- version/firefox/3.0.17
- version/firefox/3.5.3
- version/firefox/3.0.7
- version/firefox/1.5.2
- version/firefox/3.0.9
- version/firefox/1.5.0.6
- version/firefox/2.0.0.2
- version/firefox/1.5.0.10
- version/firefox/1.5.0.3
- version/firefox/3.5.6
- version/firefox/3.0.8
- version/firefox/1.5.0.11
- version/firefox/1.5.4
- version/firefox/1.0.2
- version/firefox/3.5
- version/firefox/3.5.5
- version/firefox/3.0.4
- version/firefox/1.5-beta1
- version/firefox/3.5.9
- version/firefox/3.5.4
- version/firefox/3.5.7
- version/firefox/3.0.5
- version/firefox/1.5
- version/firefox/1.0.4
- version/firefox/2.0.0.7
- version/firefox/1.0.7
- version/firefox/3.5.10
- version/firefox/3.5.1
- version/firefox/2.0.0.9
- version/firefox/3.0.14
- version/firefox/3.5.2
- version/firefox/2.0.0.16
- version/firefox/1.5.6
- version/firefox/2.0.0.17
- version/firefox/2.0.0.15
- version/firefox/3.0.10
- version/firefox/3.0.12
- version/firefox/1.0
- version/firefox/3.0.3
- version/firefox/1.5.0.7
- version/firefox/2.0
- version/firefox/1.0.1
- version/firefox/2.0.0.14
- version/firefox/3.0.6
- version/firefox/3.0.15
- version/firefox/1.5.0.8
- version/firefox/2.0.0.3
- version/firefox/1.5.0.9
- version/firefox/1.5.0.5
- version/firefox/1.5.7
- version/firefox/1.5.0.12
- version/firefox/2.0.0.6
- version/firefox/3.5.11
- version/firefox/3.0
- version/firefox/2.0.0.11
- version/firefox/1.5.0.2
- version/firefox/1.0.3
- version/firefox/3.0.1
- version/firefox/2.0.0.4
- version/firefox/1.5.1
- version/firefox/2.0.0.13
- version/firefox/2.0.0.18
- version/firefox/2.0.0.1
- version/firefox/3.0.2
- version/firefox/3.5.8
- version/firefox/1.5.5
- version/firefox/1.0-preview_release
- version/firefox/2.0.0.20
- version/firefox/2.0.0.8
- version/firefox/2.0.0.19
- version/firefox/1.5.8
- version/firefox/1.5.3
- version/firefox/1.5.0.4
- version/firefox/1.5.0.1
- version/firefox/3.0.13
- version/firefox/1.0.5
- version/firefox/2.0.0.5
- version/firefox/2.0.0.10
- version/firefox/1.0.6
- version/firefox/3.0.16
- version/firefox/1.0.8
- version/firefox/3.0.11