CVE-2010-2753

Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.

CVSS v3 8.8 HIGH
CVSS v2.0 9.3 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html	Mailing List Third Party Advisory
http://www.mozilla.org/security/announce/2010/mfsa2010-40.html	Vendor Advisory
http://www.securityfocus.com/archive/1/512510	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/41853	Broken Link Third Party Advisory VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-10-131/	Third Party Advisory VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=571106	Exploit Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10958	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html	Mailing List Third Party Advisory
http://www.mozilla.org/security/announce/2010/mfsa2010-40.html	Vendor Advisory
http://www.securityfocus.com/archive/1/512510	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/41853	Broken Link Third Party Advisory VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-10-131/	Third Party Advisory VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=571106	Exploit Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10958	Broken Link

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox::::::::

Configuration 2 (hide)

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird:3.1:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:opensuse:opensuse:11.1:::::::*
	cpe:2.3:o:opensuse:opensuse:11.2:::::::*
	cpe:2.3:o:opensuse:opensuse:11.3:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:11:-::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:-::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:-::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1::::::

History

21 Nov 2024, 01:17

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html - Mailing List, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html - Mailing List, Third Party Advisory
References	~~() http://www.mozilla.org/security/announce/2010/mfsa2010-40.html - Vendor Advisory~~	() http://www.mozilla.org/security/announce/2010/mfsa2010-40.html - Vendor Advisory
References	~~() http://www.securityfocus.com/archive/1/512510 - Broken Link, Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/archive/1/512510 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securityfocus.com/bid/41853 - Broken Link, Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/41853 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.zerodayinitiative.com/advisories/ZDI-10-131/ - Third Party Advisory, VDB Entry~~	() http://www.zerodayinitiative.com/advisories/ZDI-10-131/ - Third Party Advisory, VDB Entry
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=571106 - Exploit, Issue Tracking~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=571106 - Exploit, Issue Tracking
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10958 - Broken Link~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10958 - Broken Link

03 Feb 2024, 02:26

Type	Values Removed	Values Added
References	~~(MISC) http://www.zerodayinitiative.com/advisories/ZDI-10-131/ -~~	(MISC) http://www.zerodayinitiative.com/advisories/ZDI-10-131/ - Third Party Advisory, VDB Entry
References	~~(CONFIRM) https://bugzilla.mozilla.org/show_bug.cgi?id=571106 -~~	(CONFIRM) https://bugzilla.mozilla.org/show_bug.cgi?id=571106 - Exploit, Issue Tracking
References	~~(BID) http://www.securityfocus.com/bid/41853 -~~	(BID) http://www.securityfocus.com/bid/41853 - Broken Link, Third Party Advisory, VDB Entry
References	~~(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10958 -~~	(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10958 - Broken Link
References	~~(BUGTRAQ) http://www.securityfocus.com/archive/1/512510 -~~	(BUGTRAQ) http://www.securityfocus.com/archive/1/512510 - Broken Link, Third Party Advisory, VDB Entry
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html -~~	(SUSE) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html - Mailing List, Third Party Advisory
First Time		Suse linux Enterprise Desktop Suse Opensuse opensuse Suse linux Enterprise Server Opensuse Suse linux Enterprise Software Development Kit
CPE	cpe:2.3:a:mozilla:firefox:3.5.1:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.4:::::::* cpe:2.3:a:mozilla:seamonkey:1.0:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.8:::::::* cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:::::: cpe:2.3:a:mozilla:firefox:3.5.10:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.9:::::::* cpe:2.3:a:mozilla:firefox:3.6.1:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.3:::::::* cpe:2.3:a:mozilla:firefox:3.6.3:::::::* cpe:2.3:a:mozilla:firefox:3.5.6:::::::* cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:::::: cpe:2.3:a:mozilla:seamonkey:1.5.0.10:::::::* cpe:2.3:a:mozilla:thunderbird:3.0.3:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.5:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.19:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.18:::::::* cpe:2.3:a:mozilla:seamonkey:1.1:beta:::::: cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::* cpe:2.3:a:mozilla:seamonkey:1.5.0.9:::::::* cpe:2.3:a:mozilla:seamonkey:1.0:alpha:::::: cpe:2.3:a:mozilla:seamonkey:1.0.9:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.10:::::::* cpe:2.3:a:mozilla:seamonkey:2.0.4:::::::* cpe:2.3:a:mozilla:seamonkey:2.0:rc2:::::: cpe:2.3:a:mozilla:seamonkey:1.0.6:::::::* cpe:2.3:a:mozilla:firefox:3.5.2:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.15:::::::* cpe:2.3:a:mozilla:firefox:3.5.5:::::::* cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:::::: cpe:2.3:a:mozilla:seamonkey:1.1.14:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.12:::::::* cpe:2.3:a:mozilla:seamonkey:1.1:alpha:::::: cpe:2.3:a:mozilla:seamonkey:1.1.8:::::::* cpe:2.3:a:mozilla:seamonkey:2.0:rc1:::::: cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::* cpe:2.3:a:mozilla:thunderbird:3.0.1:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.1:::::::* cpe:2.3:a:mozilla:seamonkey:1.5.0.8:::::::* cpe:2.3:a:mozilla:firefox:3.5.7:::::::* cpe:2.3:a:mozilla:firefox:3.5.9:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.7:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.11:::::::* cpe:2.3:a:mozilla:seamonkey:2.0a1pre:::::::* cpe:2.3:a:mozilla:firefox:3.6.4:::::::* cpe:2.3:a:mozilla:firefox:3.5.4:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::* cpe:2.3:a:mozilla:seamonkey:2.0.1:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.17:::::::* cpe:2.3:a:mozilla:firefox:3.6.6:::::::* cpe:2.3:a:mozilla:seamonkey:2.0:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.16:::::::* cpe:2.3:a:mozilla:seamonkey:1.0:beta:::::: cpe:2.3:a:mozilla:seamonkey:1.1.6:::::::* cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:::::: cpe:2.3:a:mozilla:seamonkey:1.1.13:::::::* cpe:2.3:a:mozilla:thunderbird:3.0.5:::::::* cpe:2.3:a:mozilla:seamonkey:2.0.3:::::::* cpe:2.3:a:mozilla:seamonkey:1.1:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.7:::::::* cpe:2.3:a:mozilla:firefox:3.5.3:::::::* cpe:2.3:a:mozilla:thunderbird:3.0.4:::::::* cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:::::: cpe:2.3:a:mozilla:seamonkey:2.0.2:::::::* cpe:2.3:a:mozilla:firefox:3.6.2:::::::* cpe:2.3:a:mozilla:thunderbird:3.0.2:::::::*	cpe:2.3:a:mozilla:thunderbird:::::::: cpe:2.3:o:opensuse:opensuse:11.1:::::::* cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:-:::::: cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:::::: cpe:2.3:o:suse:linux_enterprise_desktop:11:-:::::: cpe:2.3:o:opensuse:opensuse:11.2:::::::* cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::::: cpe:2.3:o:opensuse:opensuse:11.3:::::::* cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:::::: cpe:2.3:a:mozilla:firefox:::::::: cpe:2.3:o:suse:linux_enterprise_server:11:-::::::
CWE	~~CWE-189~~	CWE-416 CWE-190
CVSS	v2 : ~~9.3~~ v3 : ~~unknown~~	v2 : 9.3 v3 : 8.8

Information

Published : 2010-07-30 20:30

Updated : 2024-11-21 01:17

NVD link : CVE-2010-2753

Mitre link : CVE-2010-2753

CVE.ORG link : CVE-2010-2753

JSON object : View

Products Affected

mozilla

firefox
thunderbird
seamonkey

opensuse

opensuse

suse

linux_enterprise_software_development_kit
linux_enterprise_server
linux_enterprise_desktop

CWE

CWE-190

Integer Overflow or Wraparound

CWE-416

Use After Free

8.8 /10