CVE-2010-1214

Mozilla Firefox <3.5.11 & SeaMonkey <2.0.6 - RCE

Title source: llm

Description

Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Abysssec · pythondoswindows

https://www.exploit-db.com/exploits/15027

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by J23 · textremotelinux

https://www.exploit-db.com/exploits/34358

View Code ZIP pw:eip

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11685

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=572985

Vendor Advisory x_refsource_confirm

http://www.mozilla.org/security/announce/2010/mfsa2010-37.html

Scores

EPSS 0.0734

EPSS Percentile 91.7%

Details

CWE

CWE-189

Status published

Products (46)

mozilla/firefox 3.5.1

mozilla/firefox 3.5.2

mozilla/firefox 3.5.3

mozilla/firefox 3.5.4

mozilla/firefox 3.5.5

mozilla/firefox 3.5.6

mozilla/firefox 3.5.7

mozilla/firefox 3.5.9

mozilla/firefox 3.5.10

mozilla/firefox 3.6.1

... and 36 more

Published Jul 30, 2010

Tracked Since Feb 18, 2026