Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 312763 (CVE-2010-1121) - <www-client/firefox{,-bin}-3.6.3 <www-client/icecat-3.6.3 Memory Corrpution (CVE-2010-1121)
Summary: <www-client/firefox{,-bin}-3.6.3 <www-client/icecat-3.6.3 Memory Corrpution ...
Alias: CVE-2010-1121
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa]
Depends on: 314011 314025
  Show dependency tree
Reported: 2010-04-02 08:39 UTC by Alex Legler (RETIRED)
Modified: 2013-01-08 01:04 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2010-04-02 08:39:09 UTC
MFSA 2010-25:
A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object.
Comment 1 Jory A. Pratt gentoo-dev 2010-04-05 05:18:47 UTC
firefox/xulrunner/firefox-bin all in tree, will be a few days on icecat.
Comment 2 Jory A. Pratt gentoo-dev 2010-04-09 03:24:30 UTC
all packages are in tree, we just have to wait on a few other packages before we push forward with finishing this up.
Comment 3 Nirbheek Chauhan (RETIRED) gentoo-dev 2010-06-26 09:59:08 UTC
@security: I would suggest not waiting for hppa before releasing the GLSAs. We already have a newer security bug to be tackled as well: bug 324735

Removing gnome-doc-utils/yelp from dependencies since only hppa is left for those, and they're listed in the deps of bug 314025 anyway.
Comment 4 Nirbheek Chauhan (RETIRED) gentoo-dev 2010-07-25 19:23:50 UTC
Please note that a www-client/mozilla-firefox -> www-client/firefox pkgmove was just done.
Comment 5 Nirbheek Chauhan (RETIRED) gentoo-dev 2010-09-16 13:36:46 UTC
Nothing for mozilla team to do here, none of the affected versions/packages are in-tree anymore.
Comment 6 Tim Sammut (RETIRED) gentoo-dev 2010-11-26 19:56:55 UTC
Added to existing mozilla GLSA request.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2012-07-21 14:38:40 UTC
CVE-2010-1121 (
  Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of
  DOM nodes that are moved from one document to another, which allows remote
  attackers to conduct use-after-free attacks and execute arbitrary code via
  unspecified vectors involving improper interaction with garbage collection,
  as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2013-01-08 01:04:10 UTC
This issue was resolved and addressed in
 GLSA 201301-01 at
by GLSA coordinator Sean Amoss (ackle).