CVE-2010-2753: Integer Overflow
First published: Fri Jul 30 2010(Updated: )
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | =3.6.2 | |
| Firefox | =3.5.3 | |
| Firefox | =3.6.3 | |
| Firefox | =3.5.6 | |
| Firefox | =3.5.5 | |
| Firefox | =3.5.9 | |
| Firefox | =3.5.4 | |
| Firefox | =3.5.7 | |
| Firefox | =3.5.10 | |
| Firefox | =3.5.1 | |
| Firefox | =3.5.2 | |
| Firefox | =3.6.6 | |
| Firefox | =3.6.1 | |
| Firefox | =3.6.4 | |
| Mozilla SeaMonkey | <=2.0.5 | |
| Mozilla SeaMonkey | =1.1.10 | |
| Mozilla SeaMonkey | =1.0.3 | |
| Mozilla SeaMonkey | =1.1.8 | |
| Mozilla SeaMonkey | =1.0.1 | |
| Mozilla SeaMonkey | =1.1.7 | |
| Mozilla SeaMonkey | =1.5.0.10 | |
| Mozilla SeaMonkey | =1.0.6 | |
| Mozilla SeaMonkey | =1.0.9 | |
| Mozilla SeaMonkey | =1.1.3 | |
| Mozilla SeaMonkey | =2.0a1pre | |
| Mozilla SeaMonkey | =2.0.4 | |
| Mozilla SeaMonkey | =1.0 | |
| Mozilla SeaMonkey | =2.0.3 | |
| Mozilla SeaMonkey | =2.0.2 | |
| Mozilla SeaMonkey | =1.1.17 | |
| Mozilla SeaMonkey | =2.0-alpha_2 | |
| Mozilla SeaMonkey | =1.1.5 | |
| Mozilla SeaMonkey | =1.0.7 | |
| Mozilla SeaMonkey | =1.0-beta | |
| Mozilla SeaMonkey | =1.1-alpha | |
| Mozilla SeaMonkey | =2.0-rc2 | |
| Mozilla SeaMonkey | =2.0-alpha_3 | |
| Mozilla SeaMonkey | =1.0-alpha | |
| Mozilla SeaMonkey | =1.1.12 | |
| Mozilla SeaMonkey | =1.1 | |
| Mozilla SeaMonkey | =1.1.14 | |
| Mozilla SeaMonkey | =1.1.2 | |
| Mozilla SeaMonkey | =2.0-beta_2 | |
| Mozilla SeaMonkey | =1.0.2 | |
| Mozilla SeaMonkey | =1.0.8 | |
| Mozilla SeaMonkey | =1.1.11 | |
| Mozilla SeaMonkey | =2.0-alpha_1 | |
| Mozilla SeaMonkey | =1.5.0.9 | |
| Mozilla SeaMonkey | =1.1-beta | |
| Mozilla SeaMonkey | =1.1.1 | |
| Mozilla SeaMonkey | =1.5.0.8 | |
| Mozilla SeaMonkey | =2.0.1 | |
| Mozilla SeaMonkey | =1.0.5 | |
| Mozilla SeaMonkey | =1.1.15 | |
| Mozilla SeaMonkey | =1.1.6 | |
| Mozilla SeaMonkey | =1.1.16 | |
| Mozilla SeaMonkey | =2.0-beta_1 | |
| Mozilla SeaMonkey | =1.1.19 | |
| Mozilla SeaMonkey | =2.0-rc1 | |
| Mozilla SeaMonkey | =1.0.4 | |
| Mozilla SeaMonkey | =1.1.9 | |
| Mozilla SeaMonkey | =1.1.13 | |
| Mozilla SeaMonkey | =1.1.18 | |
| Mozilla SeaMonkey | =2.0 | |
| Mozilla SeaMonkey | =1.1.4 | |
| Thunderbird | =3.0.5 | |
| Thunderbird | =3.0.1 | |
| Thunderbird | =3.0.3 | |
| Thunderbird | =3.0.4 | |
| Thunderbird | =3.1 | |
| Thunderbird | =3.0.2 | |
| Firefox | >=3.5<3.5.11 | |
| Firefox | >=3.6<3.6.7 | |
| Mozilla SeaMonkey | <2.0.6 | |
| Thunderbird | >=3.0<3.0.6 | |
| openSUSE | =11.1 | |
| openSUSE | =11.2 | |
| openSUSE | =11.3 | |
| SUSE Linux Enterprise Desktop | =11 | |
| SUSE Linux Enterprise Desktop | =11-sp1 | |
| SUSE Linux Enterprise Server | =11 | |
| SUSE Linux Enterprise Server | =11-sp1 | |
| SUSE Linux Enterprise Software Development Kit | =11 | |
| SUSE Linux Enterprise Software Development Kit | =11-sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-40.html
- http://www.securityfocus.com/archive/1/512510
- http://www.securityfocus.com/bid/41853
- http://www.zerodayinitiative.com/advisories/ZDI-10-131/
- https://bugzilla.mozilla.org/show_bug.cgi?id=571106
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10958
Frequently Asked Questions
What is the severity of CVE-2010-2753?
CVE-2010-2753 has a moderate severity rating due to its potential to allow remote code execution.
How do I fix CVE-2010-2753?
To fix CVE-2010-2753, update your Mozilla Firefox, Thunderbird, or SeaMonkey software to the latest version available.
Which versions are affected by CVE-2010-2753?
CVE-2010-2753 affects specific versions of Mozilla Firefox before 3.5.11 and 3.6.7, Thunderbird before 3.0.6, and SeaMonkey before 2.0.6.
What type of vulnerability is CVE-2010-2753?
CVE-2010-2753 is categorized as an integer overflow vulnerability that can trigger a use-after-free condition.
Can CVE-2010-2753 be exploited remotely?
Yes, CVE-2010-2753 can be exploited remotely through maliciously crafted content targeting affected software.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/event
- agent/description
- agent/weakness
- agent/source
- agent/author
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/mozilla
- canonical/firefox
- version/firefox/3.6.2
- version/firefox/3.5.3
- version/firefox/3.6.3
- version/firefox/3.5.6
- version/firefox/3.5.5
- version/firefox/3.5.9
- version/firefox/3.5.4
- version/firefox/3.5.7
- version/firefox/3.5.10
- version/firefox/3.5.1
- version/firefox/3.5.2
- version/firefox/3.6.6
- version/firefox/3.6.1
- version/firefox/3.6.4
- canonical/mozilla seamonkey
- version/mozilla seamonkey/2.0.5
- version/mozilla seamonkey/1.1.10
- version/mozilla seamonkey/1.0.3
- version/mozilla seamonkey/1.1.8
- version/mozilla seamonkey/1.0.1
- version/mozilla seamonkey/1.1.7
- version/mozilla seamonkey/1.5.0.10
- version/mozilla seamonkey/1.0.6
- version/mozilla seamonkey/1.0.9
- version/mozilla seamonkey/1.1.3
- version/mozilla seamonkey/2.0a1pre
- version/mozilla seamonkey/2.0.4
- version/mozilla seamonkey/1.0
- version/mozilla seamonkey/2.0.3
- version/mozilla seamonkey/2.0.2
- version/mozilla seamonkey/1.1.17
- version/mozilla seamonkey/2.0-alpha_2
- version/mozilla seamonkey/1.1.5
- version/mozilla seamonkey/1.0.7
- version/mozilla seamonkey/1.0-beta
- version/mozilla seamonkey/1.1-alpha
- version/mozilla seamonkey/2.0-rc2
- version/mozilla seamonkey/2.0-alpha_3
- version/mozilla seamonkey/1.0-alpha
- version/mozilla seamonkey/1.1.12
- version/mozilla seamonkey/1.1
- version/mozilla seamonkey/1.1.14
- version/mozilla seamonkey/1.1.2
- version/mozilla seamonkey/2.0-beta_2
- version/mozilla seamonkey/1.0.2
- version/mozilla seamonkey/1.0.8
- version/mozilla seamonkey/1.1.11
- version/mozilla seamonkey/2.0-alpha_1
- version/mozilla seamonkey/1.5.0.9
- version/mozilla seamonkey/1.1-beta
- version/mozilla seamonkey/1.1.1
- version/mozilla seamonkey/1.5.0.8
- version/mozilla seamonkey/2.0.1
- version/mozilla seamonkey/1.0.5
- version/mozilla seamonkey/1.1.15
- version/mozilla seamonkey/1.1.6
- version/mozilla seamonkey/1.1.16
- version/mozilla seamonkey/2.0-beta_1
- version/mozilla seamonkey/1.1.19
- version/mozilla seamonkey/2.0-rc1
- version/mozilla seamonkey/1.0.4
- version/mozilla seamonkey/1.1.9
- version/mozilla seamonkey/1.1.13
- version/mozilla seamonkey/1.1.18
- version/mozilla seamonkey/2.0
- version/mozilla seamonkey/1.1.4
- canonical/thunderbird
- version/thunderbird/3.0.5
- version/thunderbird/3.0.1
- version/thunderbird/3.0.3
- version/thunderbird/3.0.4
- version/thunderbird/3.1
- version/thunderbird/3.0.2
- version/firefox/3.5
- version/firefox/3.6
- version/thunderbird/3.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/11.1
- version/opensuse/11.2
- version/opensuse/11.3
- vendor/suse
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/11
- version/suse linux enterprise desktop/11-sp1
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11
- version/suse linux enterprise server/11-sp1
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/11
- version/suse linux enterprise software development kit/11-sp1