Unrated severityNVD Advisory· Published Mar 25, 2010· Updated Jun 16, 2026
CVE-2010-1121
CVE-2010-1121
Description
Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
- (no CPE)range: <3.6.3
- osv-coords3 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 2 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
- (no CPE)range: < 45.5.1-1.1
Patches
Vulnerability mechanics
References
24- secunia.com/advisories/40323nvdVendor Advisory
- secunia.com/advisories/40326nvdVendor Advisory
- secunia.com/advisories/40401nvdVendor Advisory
- secunia.com/advisories/40481nvdVendor Advisory
- www.mozilla.org/security/announce/2010/mfsa2010-25.htmlnvdVendor Advisory
- www.vupen.com/english/advisories/2010/1557nvdVendor Advisory
- www.vupen.com/english/advisories/2010/1640nvdVendor Advisory
- www.vupen.com/english/advisories/2010/1773nvdVendor Advisory
- dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010nvd
- lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.htmlnvd
- news.cnet.com/8301-27080_3-20001126-245.htmlnvd
- support.avaya.com/css/P8/documents/100091069nvd
- twitter.com/thezdi/statuses/11005277222nvd
- ubuntu.com/usn/usn-930-1nvd
- www.redhat.com/support/errata/RHSA-2010-0500.htmlnvd
- www.redhat.com/support/errata/RHSA-2010-0501.htmlnvd
- www.securitytracker.com/idnvd
- www.ubuntu.com/usn/usn-930-2nvd
- www.vupen.com/english/advisories/2010/1592nvd
- bugzilla.mozilla.org/show_bug.cginvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10924nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6844nvd
News mentions
0No linked articles in our index yet.