Launchpad CVE tracker

CVE 2010-3168

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties.

Related bugs and status

CVE-2010-3168 (Candidate) is related to these bugs:

Bug #469752: firefox,3.5/3.6 startup-notification bug

		In	Importance	Status
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Ubuntu)	Medium	Invalid
469752	firefox,3.5/3.6 startup-notification bug	Mozilla Firefox	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Suse)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox (Ubuntu)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox (Ubuntu Lucid)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Ubuntu Lucid)	Medium	Invalid

Bug #593571: The file jar:file:///usr/lib/seamonkey-2.0.4/chrome/messenger.jar!/content/messenger/am-newsblog.xul cannot be found. Please check the location and try again.

Summary				In	Importance	Status
	593571	The file jar:file:///usr/lib/seamonkey-2.0.4/chrome/messenger.jar!/content/messenger/am-newsblog.xul cannot be found. Please check the location and try again.		seamonkey (Ubuntu)	Medium	Fix Released
	593571	The file jar:file:///usr/lib/seamonkey-2.0.4/chrome/messenger.jar!/content/messenger/am-newsblog.xul cannot be found. Please check the location and try again.		seamonkey (Ubuntu Lucid)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-3168

References