CVE-2010-2765

Description

Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow.

CVSS Metrics

• v2.0•HIGH•Score: 9.3AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 4.02%• Percentile: 89%

Techniques & Countermeasures

• CWE-189•Numeric Errors

  Weaknesses in this category are related to improper calculation or conversion of numbers.

Affected Systems

• mozilla•firefox

  3.6 | 3.6.2 | 3.6.3 | 3.6.4 | 3.6.6 | 3.6.7 | 3.6.8 | ≤ 3.5.11 | 1.0 | 1.0:preview_release | 1.0.1 | 1.0.2 | 1.0.3 | 1.0.4 | 1.0.5 | 1.0.6 | 1.0.7 | 1.0.8 | 1.5 | 1.5:beta1 | 1.5:beta2 | 1.5.0.1 | 1.5.0.2 | 1.5.0.3 | 1.5.0.4 | 1.5.0.5 | 1.5.0.6 | 1.5.0.7 | 1.5.0.8 | 1.5.0.9 | 1.5.0.10 | 1.5.0.11 | 1.5.0.12 | 1.5.1 | 1.5.2 | 1.5.3 | 1.5.4 | 1.5.5 | 1.5.6 | 1.5.7 | 1.5.8 | 2.0 | 2.0.0.1 | 2.0.0.2 | 2.0.0.3 | 2.0.0.4 | 2.0.0.5 | 2.0.0.6 | 2.0.0.7 | 2.0.0.8 | 2.0.0.9 | 2.0.0.10 | 2.0.0.11 | 2.0.0.12 | 2.0.0.13 | 2.0.0.14 | 2.0.0.15 | 2.0.0.16 | 2.0.0.17 | 2.0.0.18 | 2.0.0.19 | 2.0.0.20 | 3.0 | 3.0.1 | 3.0.2 | 3.0.3 | 3.0.4 | 3.0.5 | 3.0.6 | 3.0.7 | 3.0.8 | 3.0.9 | 3.0.10 | 3.0.11 | 3.0.12 | 3.0.13 | 3.0.14 | 3.0.15 | 3.0.16 | 3.0.17 | 3.5 | 3.5.1 | 3.5.2 | 3.5.3 | 3.5.4 | 3.5.5 | 3.5.6 | 3.5.7 | 3.5.8 | 3.5.9 | 3.5.10

• mozilla•seamonkey

  ≤ 2.0.6 | 1.0 | 1.0:alpha | 1.0:beta | 1.0.1 | 1.0.2 | 1.0.3 | 1.0.4 | 1.0.5 | 1.0.6 | 1.0.7 | 1.0.8 | 1.0.9 | 1.1 | 1.1:alpha | 1.1:beta | 1.1.1 | 1.1.2 | 1.1.3 | 1.1.4 | 1.1.5 | 1.1.6 | 1.1.7 | 1.1.8 | 1.1.9 | 1.1.10 | 1.1.11 | 1.1.12 | 1.1.13 | 1.1.14 | 1.1.15 | 1.1.16 | 1.1.17 | 1.1.18 | 1.1.19 | 1.5.0.8 | 1.5.0.9 | 1.5.0.10 | 2.0 | 2.0:alpha_1 | 2.0:alpha_2 | 2.0:alpha_3 | 2.0:beta_1 | 2.0:beta_2 | 2.0:rc1 | 2.0:rc2 | 2.0.1 | 2.0.2 | 2.0.3 | 2.0.4 | 2.0.5 | 2.0a1pre

• mozilla•thunderbird

  ≤ 3.0.6 | 0.1 | 0.2 | 0.3 | 0.4 | 0.5 | 0.6 | 0.7 | 0.7.1 | 0.7.2 | 0.7.3 | 0.8 | 0.9 | 1.0 | 1.0.1 | 1.0.2 | 1.0.3 | 1.0.4 | 1.0.5 | 1.0.6 | 1.0.7 | 1.0.8 | 1.5 | 1.5:beta2 | 1.5.0.1 | 1.5.0.2 | 1.5.0.3 | 1.5.0.4 | 1.5.0.5 | 1.5.0.6 | 1.5.0.7 | 1.5.0.8 | 1.5.0.9 | 1.5.0.10 | 1.5.0.11 | 1.5.0.12 | 1.5.0.13 | 1.5.0.14 | 1.5.1 | 1.5.2 | 2.0 | 2.0.0.0 | 2.0.0.1 | 2.0.0.2 | 2.0.0.3 | 2.0.0.4 | 2.0.0.5 | 2.0.0.6 | 2.0.0.7 | 2.0.0.8 | 2.0.0.9 | 2.0.0.12 | 2.0.0.14 | 2.0.0.16 | 2.0.0.17 | 2.0.0.18 | 2.0.0.19 | 2.0.0.21 | 2.0.0.22 | 2.0.0.23 | 3.0 | 3.0.1 | 3.0.2 | 3.0.3 | 3.0.4 | 3.0.5 | 3.1 | 3.1.1 | 31.2

References (14)

• http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html
• http://www.mozilla.org/security/announce/2010/mfsa2010-50.html
• http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
• http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html
• http://support.avaya.com/css/P8/documents/100110210
• https://bugzilla.mozilla.org/show_bug.cgi?id=576447
• http://support.avaya.com/css/P8/documents/100112690
• http://secunia.com/advisories/42867
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11519
• http://www.vupen.com/english/advisories/2011/0061
• http://www.mandriva.com/security/advisories?name=MDVSA-2010:173
• http://www.vupen.com/english/advisories/2010/2323
• http://www.debian.org/security/2010/dsa-2106
• http://www.securityfocus.com/bid/43095