Description
Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Abysssec · pythondoswindows
https://www.exploit-db.com/exploits/15104
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11680
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/41852
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-133/
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/512514
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=574059
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2010/mfsa2010-39.html
Scores
EPSS
0.0799
EPSS Percentile
92.1%
Details
CWE
CWE-189
Status
published
Products (46)
mozilla/firefox
3.5.1
mozilla/firefox
3.5.2
mozilla/firefox
3.5.3
mozilla/firefox
3.5.4
mozilla/firefox
3.5.5
mozilla/firefox
3.5.6
mozilla/firefox
3.5.7
mozilla/firefox
3.5.9
mozilla/firefox
3.5.10
mozilla/firefox
3.6.1
... and 36 more
Published
Jul 30, 2010
Tracked Since
Feb 18, 2026