High severity8.8NVD Advisory· Published Jul 30, 2010· Updated Apr 29, 2026

CVE-2010-1208

Description

Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.

Affected products

Mozilla Corporation/Firefox
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Range: >=3.5,<3.5.11
Mozilla Corporation/Seamonkey
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Range: <2.0.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.mozilla.org/show_bug.cginvdIssue TrackingPatch
www.mozilla.org/security/announce/2010/mfsa2010-35.htmlnvdVendor Advisory
www.securityfocus.com/archive/1/512515nvdBroken LinkThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/41849nvdBroken LinkThird Party AdvisoryVDB Entry
www.zerodayinitiative.com/advisories/ZDI-10-134/nvdThird Party AdvisoryVDB Entry
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11740nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000