1. Home
  2. Vulnerabilities
  3. CVE-2010-2755

CVE-2010-2755

CVSS v2.0 10 (High)
100% Progress
EPSS 19.34 % (96th)
19.34% Progress
Affected Products 1
Advisories 7
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.

Weaknesses
CWE-399
Resource Management Errors
Related CVEs
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2010-07-30 13:26:18
(14 years ago)
Updated Date
2017-09-19 01:31:06
(7 years ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox 3.6.7 cpe:2.3:a:mozilla:firefox:3.6.7