CVE-2010-1199

Mozilla Firefox < 2.0.4 - Numeric Error

Title source: rule

Description

Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Abysssec · python · dos · windows
https://www.exploit-db.com/exploits/14949
exploitdb WRITEUP VERIFIED
by Martin Barbella · text · remote · linux
https://www.exploit-db.com/exploits/34192

References (32)

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13287
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/59666
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40481
Various Sources vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-930-1
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14949
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1024138
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1640
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/41050
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0501.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1557
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:125
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1773
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=554255
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0499.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1556
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1592
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-930-2
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1551
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/41082
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0500.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/511972/100/0/threaded
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-113
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10885
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40323
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40401
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40326
Vendor Advisory x_refsource_confirm
http://support.avaya.com/css/P8/documents/100091069
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1024139

Scores

EPSS 0.4270
EPSS Percentile 97.5%

Details

CWE
CWE-189
Status published
Products (43)
mozilla/firefox 3.5
mozilla/firefox 3.5.1
mozilla/firefox 3.5.2
mozilla/firefox 3.5.3
mozilla/firefox 3.5.4
mozilla/firefox 3.5.5
mozilla/firefox 3.5.6
mozilla/firefox 3.5.7
mozilla/firefox 3.5.9
mozilla/firefox 3.6
... and 33 more
Published Jun 24, 2010
Tracked Since Feb 18, 2026