CVE-2010-1214

Mozilla Firefox <3.5.11 & SeaMonkey <2.0.6 - RCE

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-1214. PoCs published by Abysssec, J23.

AI-analyzed exploit summary: This exploit generates an HTML file with a malicious Java applet that triggers a heap overflow in Firefox 3.6.4 via excessive PARAM elements, leading to remote code execution. The vulnerability is in the EnsureCachedAttrParamArrays function.

Description

Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Abysssec · python · dos · windows
https://www.exploit-db.com/exploits/15027

This exploit generates an HTML file with a malicious Java applet that triggers a heap overflow in Firefox 3.6.4 via excessive PARAM elements, leading to remote code execution. The vulnerability is in the EnsureCachedAttrParamArrays function.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Mozilla Firefox 3.6.4
No auth needed
Prerequisites: Victim must visit the crafted HTML page with a vulnerable Firefox version
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by J23 · text · remote · linux
https://www.exploit-db.com/exploits/34358

This is a vulnerability writeup for CVE-2010-1214, describing a buffer overflow in Mozilla Firefox and SeaMonkey. It lacks exploit code but provides details on affected versions and fixes.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: Mozilla Firefox < 3.6.7, Firefox < 3.5.11, SeaMonkey < 2.0.6
No auth needed
Prerequisites: Victim must visit a malicious webpage
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11685
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=572985

Scores

EPSS 0.0759
EPSS Percentile 93.8%

Details

CWE: CWE-189
Status: published
Products (46)
mozilla/firefox 3.5.1
mozilla/firefox 3.5.2
mozilla/firefox 3.5.3
mozilla/firefox 3.5.4
mozilla/firefox 3.5.5
mozilla/firefox 3.5.6
mozilla/firefox 3.5.7
mozilla/firefox 3.5.9
mozilla/firefox 3.5.10
mozilla/firefox 3.6.1
... and 36 more
Published Jul 30, 2010
Tracked Since Feb 18, 2026