CVE-2010-2753

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.

References

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html

http://www.mozilla.org/security/announce/2010/mfsa2010-40.html

http://www.securityfocus.com/archive/1/512510

http://www.securityfocus.com/bid/41853

http://www.zerodayinitiative.com/advisories/ZDI-10-131/

https://bugzilla.mozilla.org/show_bug.cgi?id=571106

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10958

Details

Source: MITRE

Published: 2010-07-30

Updated: 2017-09-19

Type: CWE-189

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.6.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* versions up to 2.0.5 (inclusive)

cpe:2.3:a:mozilla:seamonkey:2.0a1pre:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*

Tenable Plugins

View all (88 total)

IDNameProductFamilySeverity
75733openSUSE Security Update : seamonkey (seamonkey-3372)NessusSuSE Local Security Checks
high
75732openSUSE Security Update : seamonkey (openSUSE-SU-2010:0632-2)NessusSuSE Local Security Checks
high
75731openSUSE Security Update : seamonkey (openSUSE-SU-2010:0430-1)NessusSuSE Local Security Checks
high
75671openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421)NessusSuSE Local Security Checks
high
75670openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3141)NessusSuSE Local Security Checks
high
75669openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-2779)NessusSuSE Local Security Checks
high
75660openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378)NessusSuSE Local Security Checks
high
75659openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3154)NessusSuSE Local Security Checks
high
75658openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2010:0430-2)NessusSuSE Local Security Checks
high
75647openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0632-1)NessusSuSE Local Security Checks
high
75646openSUSE Security Update : MozillaFirefox (MozillaFirefox-2807)NessusSuSE Local Security Checks
critical
68099Oracle Linux 4 : thunderbird (ELSA-2010-0682)NessusOracle Linux Local Security Checks
high
68098Oracle Linux 4 / 5 : firefox (ELSA-2010-0681)NessusOracle Linux Local Security Checks
high
68097Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0680)NessusOracle Linux Local Security Checks
high
68068Oracle Linux 4 / 5 : firefox (ELSA-2010-0547)NessusOracle Linux Local Security Checks
high
68067Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0546)NessusOracle Linux Local Security Checks
high
68066Oracle Linux 4 : thunderbird (ELSA-2010-0544)NessusOracle Linux Local Security Checks
critical
63939RHEL 5 : thunderbird (RHSA-2010:0545)NessusRed Hat Local Security Checks
critical
63402GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)NessusGentoo Local Security Checks
critical
60822Scientific Linux Security Update : thunderbird on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
60821Scientific Linux Security Update : thunderbird on SL4.x i386/x86_64NessusScientific Linux Local Security Checks
critical
60820Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64NessusScientific Linux Local Security Checks
high
60818Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
high
53540RHEL 4 / 5 : firefox (RHSA-2010:0681)NessusRed Hat Local Security Checks
high
50951SuSE 11 / 11.1 Security Update : Mozilla (SAT Patch Numbers 3417 / 3419)NessusSuSE Local Security Checks
high
50875SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 3159 / 3160)NessusSuSE Local Security Checks
high
50874SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 2780 / 2781)NessusSuSE Local Security Checks
high
50488SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7208)NessusSuSE Local Security Checks
high
50466openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421)NessusSuSE Local Security Checks
high
50462openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421)NessusSuSE Local Security Checks
high
50376openSUSE Security Update : seamonkey (seamonkey-3372)NessusSuSE Local Security Checks
high
50372openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378)NessusSuSE Local Security Checks
high
50371openSUSE Security Update : seamonkey (seamonkey-3372)NessusSuSE Local Security Checks
high
50366openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378)NessusSuSE Local Security Checks
high
49947openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3141)NessusSuSE Local Security Checks
high
49946openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3154)NessusSuSE Local Security Checks
high
49945openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3141)NessusSuSE Local Security Checks
high
49944openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3154)NessusSuSE Local Security Checks
high
49894SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7101)NessusSuSE Local Security Checks
high
49282openSUSE Security Update : seamonkey (openSUSE-SU-2010:0632-2)NessusSuSE Local Security Checks
high
49281openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0632-1)NessusSuSE Local Security Checks
high
49280openSUSE Security Update : seamonkey (openSUSE-SU-2010:0632-2)NessusSuSE Local Security Checks
high
49279openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0632-1)NessusSuSE Local Security Checks
high
49183CentOS 4 / 5 : thunderbird (CESA-2010:0682)NessusCentOS Local Security Checks
high
49182CentOS 4 / 5 : firefox (CESA-2010:0681)NessusCentOS Local Security Checks
high
49181CentOS 3 / 4 : seamonkey (CESA-2010:0680)NessusCentOS Local Security Checks
high
49170Ubuntu 10.04 LTS : thunderbird vulnerabilities (USN-978-1)NessusUbuntu Local Security Checks
high
49169Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 vulnerabilities (USN-975-1)NessusUbuntu Local Security Checks
high
49133RHEL 4 / 5 : thunderbird (RHSA-2010:0682)NessusRed Hat Local Security Checks
high
49132RHEL 3 / 4 : seamonkey (RHSA-2010:0680)NessusRed Hat Local Security Checks
high
49099Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:169)NessusMandriva Local Security Checks
high
48342CentOS 3 : seamonkey (CESA-2010:0546)NessusCentOS Local Security Checks
high
48266CentOS 4 : thunderbird (CESA-2010:0544)NessusCentOS Local Security Checks
critical
47907openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0430-3)NessusSuSE Local Security Checks
high
47906openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0430-3)NessusSuSE Local Security Checks
high
47889Debian DSA-2075-1 : xulrunner - several vulnerabilitiesNessusDebian Local Security Checks
high
47881RHEL 4 / 5 : firefox (RHSA-2010:0547)NessusRed Hat Local Security Checks
high
47880RHEL 3 / 4 : seamonkey (RHSA-2010:0546)NessusRed Hat Local Security Checks
high
47879RHEL 4 : thunderbird (RHSA-2010:0544)NessusRed Hat Local Security Checks
critical
47868openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2010:0430-2)NessusSuSE Local Security Checks
high
47857Ubuntu 10.04 LTS : thunderbird vulnerabilities (USN-958-1)NessusUbuntu Local Security Checks
high
47856Ubuntu 8.04 LTS / 10.04 LTS : firefox, firefox-3.0, xulrunner-1.9.2 vulnerability (USN-957-2)NessusUbuntu Local Security Checks
critical
47854openSUSE Security Update : seamonkey (openSUSE-SU-2010:0430-1)NessusSuSE Local Security Checks
high
47826Ubuntu 8.04 LTS / 10.04 LTS : firefox, firefox-3.0, xulrunner-1.9.2 vulnerabilities (USN-957-1)NessusUbuntu Local Security Checks
high
47825Ubuntu 9.04 / 9.10 : ant, apturl, epiphany-browser, gluezilla, gnome-python-extras, liferea, mozvoikko, openjdk-6, packagekit, ubufox, webfav, yelp update (USN-930-5)NessusUbuntu Local Security Checks
critical
47824Ubuntu 9.04 / 9.10 : firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities (USN-930-4)NessusUbuntu Local Security Checks
critical
47813Fedora 13 : sunbird-1.0-0.26.b2pre.fc13 / thunderbird-3.1.1-1.fc13 (2010-11379)NessusFedora Local Security Checks
high
47812Fedora 12 : firefox-3.5.11-1.fc12 / galeon-2.0.7-24.fc12 / gnome-python2-extras-2.25.3-19.fc12 / etc (2010-11375)NessusFedora Local Security Checks
high
47811Fedora 12 : seamonkey-2.0.6-1.fc12 (2010-11363)NessusFedora Local Security Checks
high
47810Fedora 12 : sunbird-1.0-0.23.20090916hg.fc12 / thunderbird-3.0.6-1.fc12 (2010-11361)NessusFedora Local Security Checks
critical
47809Fedora 13 : firefox-3.6.7-1.fc13 / galeon-2.0.7-30.fc13 / gnome-python2-extras-2.25.3-20.fc13 / etc (2010-11345)NessusFedora Local Security Checks
high
47807Fedora 13 : seamonkey-2.0.6-1.fc13 (2010-11327)NessusFedora Local Security Checks
high
47806CentOS 4 / 5 : firefox (CESA-2010:0547)NessusCentOS Local Security Checks
high
47805CentOS 5 : thunderbird (CESA-2010:0545)NessusCentOS Local Security Checks
critical
47794FreeBSD : mozilla -- multiple vulnerabilities (8c2ea875-9499-11df-8e32-000f20797ede)NessusFreeBSD Local Security Checks
high
47782Firefox 3.6 < 3.6.7 Multiple VulnerabilitiesNessusWindows
high
47781Firefox < 3.5.11 Multiple VulnerabilitiesNessusWindows
high
800871SeaMonkey 2.0.x < 2.0.6 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
800782Firefox 3.5.x < 3.5.11 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
800780Firefox 3.6.x < 3.6.7 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
5610SeaMonkey 2.0.x < 2.0.6 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
5609Mozilla Thunderbird 3.1.x < 3.1.1 Multiple VulnerabilitiesNessus Network MonitorSMTP Clients
medium
5608Mozilla Thunderbird 3.0.x < 3.0.6 Multiple VulnerabilitiesNessus Network MonitorSMTP Clients
medium
5607Mozilla Firefox 3.6.x < 3.6.7 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
5606Mozilla Firefox 3.5.x < 3.5.11 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
47785SeaMonkey < 2.0.6 Multiple Vulnerabilities NessusWindows
high
47784Mozilla Thunderbird 3.1.x < 3.1.1 Multiple VulnerabilitiesNessusWindows
high
47783Mozilla Thunderbird < 3.0.6 Multiple VulnerabilitiesNessusWindows
high