CVE-2010-2753

CVSS v3.1 8.8 (High)

CVSS v2.0 9.3 (High)

EPSS 13.25 % (96^th)

Affected Products 7

Advisories 12

Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.

Weaknesses

CWE-190: Integer Overflow or Wraparound
CWE-416: Use After Free

Related CVEs

CVE-2010-2760

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2010-07-30 20:30:02
(14 years ago)
Updated Date: 2024-02-03 02:26:59
(7 months ago)

Affected Products

Mozilla

Opensuse

Opensuse

Suse

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox from 3.5 version and prior 3.5.11 version	cpe:2.3:a:mozilla:firefox	>= 3.5	< 3.5.11
	Mozilla Firefox from 3.6 version and prior 3.6.7 version	cpe:2.3:a:mozilla:firefox	>= 3.6	< 3.6.7

Configuration #2

		CPE23	From	Up To
	Mozilla Seamonkey prior 2.0.6 version	cpe:2.3:a:mozilla:seamonkey		< 2.0.6

Configuration #3

		CPE23	From	Up To
	Mozilla Thunderbird from 3.0 version and prior 3.0.6 version	cpe:2.3:a:mozilla:thunderbird	>= 3.0	< 3.0.6
	Mozilla Thunderbird 3.1	cpe:2.3:a:mozilla:thunderbird:3.1

Configuration #4

		CPE23	From	Up To
	Opensuse 11.1	cpe:2.3:o:opensuse:opensuse:11.1
	Opensuse 11.2	cpe:2.3:o:opensuse:opensuse:11.2
	Opensuse 11.3	cpe:2.3:o:opensuse:opensuse:11.3
	Suse Linux Enterprise Desktop 11	cpe:2.3:o:suse:linux_enterprise_desktop:11:-
	Suse Linux Enterprise Desktop 11 SP1	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1
	Suse Linux Enterprise Server 11	cpe:2.3:o:suse:linux_enterprise_server:11:-
	Suse Linux Enterprise Server 11 SP1	cpe:2.3:o:suse:linux_enterprise_server:11:sp1
	Suse Linux Enterprise Software Development Kit 11	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:-
	Suse Linux Enterprise Software Development Kit 11 SP1	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1