CVE-2010-2753

HIGH

Mozilla Firefox <3.5.11 & <3.6.7 - RCE

Title source: llm

Description

Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.

References (7)

Core References
Exploit, Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=571106
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-131/
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/41853
Broken Link, Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/512510

Scores

CVSS v3 8.8
EPSS 0.0409
EPSS Percentile 88.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-190 CWE-416
Status published
Products (10)
mozilla/firefox 3.5 - 3.5.11
mozilla/seamonkey < 2.0.6
mozilla/thunderbird 3.1
mozilla/thunderbird 3.0 - 3.0.6
opensuse/opensuse 11.1
opensuse/opensuse 11.2
opensuse/opensuse 11.3
suse/linux_enterprise_desktop 11 (2 CPE variants)
suse/linux_enterprise_server 11 (2 CPE variants)
suse/linux_enterprise_software_development_kit 11 (2 CPE variants)
Published Jul 30, 2010
Tracked Since Feb 18, 2026