CVE-2010-3166: Buffer Overflow
First published: Thu Sep 09 2010(Updated: )
Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | =3.6 | |
| Firefox | =3.6.2 | |
| Firefox | =3.6.3 | |
| Firefox | =3.6.4 | |
| Firefox | =3.6.6 | |
| Firefox | =3.6.7 | |
| Firefox | =3.6.8 | |
| Mozilla SeaMonkey | <=2.0.6 | |
| Mozilla SeaMonkey | =1.0 | |
| Mozilla SeaMonkey | =1.0-alpha | |
| Mozilla SeaMonkey | =1.0-beta | |
| Mozilla SeaMonkey | =1.0.1 | |
| Mozilla SeaMonkey | =1.0.2 | |
| Mozilla SeaMonkey | =1.0.3 | |
| Mozilla SeaMonkey | =1.0.4 | |
| Mozilla SeaMonkey | =1.0.5 | |
| Mozilla SeaMonkey | =1.0.6 | |
| Mozilla SeaMonkey | =1.0.7 | |
| Mozilla SeaMonkey | =1.0.8 | |
| Mozilla SeaMonkey | =1.0.9 | |
| Mozilla SeaMonkey | =1.1 | |
| Mozilla SeaMonkey | =1.1-alpha | |
| Mozilla SeaMonkey | =1.1-beta | |
| Mozilla SeaMonkey | =1.1.1 | |
| Mozilla SeaMonkey | =1.1.2 | |
| Mozilla SeaMonkey | =1.1.3 | |
| Mozilla SeaMonkey | =1.1.4 | |
| Mozilla SeaMonkey | =1.1.5 | |
| Mozilla SeaMonkey | =1.1.6 | |
| Mozilla SeaMonkey | =1.1.7 | |
| Mozilla SeaMonkey | =1.1.8 | |
| Mozilla SeaMonkey | =1.1.9 | |
| Mozilla SeaMonkey | =1.1.10 | |
| Mozilla SeaMonkey | =1.1.11 | |
| Mozilla SeaMonkey | =1.1.12 | |
| Mozilla SeaMonkey | =1.1.13 | |
| Mozilla SeaMonkey | =1.1.14 | |
| Mozilla SeaMonkey | =1.1.15 | |
| Mozilla SeaMonkey | =1.1.16 | |
| Mozilla SeaMonkey | =1.1.17 | |
| Mozilla SeaMonkey | =1.1.18 | |
| Mozilla SeaMonkey | =1.1.19 | |
| Mozilla SeaMonkey | =1.5.0.8 | |
| Mozilla SeaMonkey | =1.5.0.9 | |
| Mozilla SeaMonkey | =1.5.0.10 | |
| Mozilla SeaMonkey | =2.0 | |
| Mozilla SeaMonkey | =2.0-alpha_1 | |
| Mozilla SeaMonkey | =2.0-alpha_2 | |
| Mozilla SeaMonkey | =2.0-alpha_3 | |
| Mozilla SeaMonkey | =2.0-beta_1 | |
| Mozilla SeaMonkey | =2.0-beta_2 | |
| Mozilla SeaMonkey | =2.0-rc1 | |
| Mozilla SeaMonkey | =2.0-rc2 | |
| Mozilla SeaMonkey | =2.0.1 | |
| Mozilla SeaMonkey | =2.0.2 | |
| Mozilla SeaMonkey | =2.0.3 | |
| Mozilla SeaMonkey | =2.0.4 | |
| Mozilla SeaMonkey | =2.0.5 | |
| Mozilla SeaMonkey | =2.0a1pre | |
| Thunderbird | <=3.0.6 | |
| Thunderbird | =0.1 | |
| Thunderbird | =0.2 | |
| Thunderbird | =0.3 | |
| Thunderbird | =0.4 | |
| Thunderbird | =0.5 | |
| Thunderbird | =0.6 | |
| Thunderbird | =0.7 | |
| Thunderbird | =0.7.1 | |
| Thunderbird | =0.7.2 | |
| Thunderbird | =0.7.3 | |
| Thunderbird | =0.8 | |
| Thunderbird | =0.9 | |
| Thunderbird | =1.0 | |
| Thunderbird | =1.0.1 | |
| Thunderbird | =1.0.2 | |
| Thunderbird | =1.0.3 | |
| Thunderbird | =1.0.4 | |
| Thunderbird | =1.0.5 | |
| Thunderbird | =1.0.6 | |
| Thunderbird | =1.0.7 | |
| Thunderbird | =1.0.8 | |
| Thunderbird | =1.5 | |
| Thunderbird | =1.5-beta2 | |
| Thunderbird | =1.5.0.1 | |
| Thunderbird | =1.5.0.2 | |
| Thunderbird | =1.5.0.3 | |
| Thunderbird | =1.5.0.4 | |
| Thunderbird | =1.5.0.5 | |
| Thunderbird | =1.5.0.6 | |
| Thunderbird | =1.5.0.7 | |
| Thunderbird | =1.5.0.8 | |
| Thunderbird | =1.5.0.9 | |
| Thunderbird | =1.5.0.10 | |
| Thunderbird | =1.5.0.11 | |
| Thunderbird | =1.5.0.12 | |
| Thunderbird | =1.5.0.13 | |
| Thunderbird | =1.5.0.14 | |
| Thunderbird | =1.5.1 | |
| Thunderbird | =1.5.2 | |
| Thunderbird | =2.0 | |
| Thunderbird | =2.0.0.0 | |
| Thunderbird | =2.0.0.1 | |
| Thunderbird | =2.0.0.2 | |
| Thunderbird | =2.0.0.3 | |
| Thunderbird | =2.0.0.4 | |
| Thunderbird | =2.0.0.5 | |
| Thunderbird | =2.0.0.6 | |
| Thunderbird | =2.0.0.7 | |
| Thunderbird | =2.0.0.8 | |
| Thunderbird | =2.0.0.9 | |
| Thunderbird | =2.0.0.12 | |
| Thunderbird | =2.0.0.14 | |
| Thunderbird | =2.0.0.16 | |
| Thunderbird | =2.0.0.17 | |
| Thunderbird | =2.0.0.18 | |
| Thunderbird | =2.0.0.19 | |
| Thunderbird | =2.0.0.21 | |
| Thunderbird | =2.0.0.22 | |
| Thunderbird | =2.0.0.23 | |
| Thunderbird | =3.0 | |
| Thunderbird | =3.0.1 | |
| Thunderbird | =3.0.2 | |
| Thunderbird | =3.0.3 | |
| Thunderbird | =3.0.4 | |
| Thunderbird | =3.0.5 | |
| Thunderbird | =3.1 | |
| Thunderbird | =3.1.1 | |
| Thunderbird | =3.1.2 | |
| Firefox | <=3.5.11 | |
| Firefox | =1.0 | |
| Firefox | =1.0-preview_release | |
| Firefox | =1.0.1 | |
| Firefox | =1.0.2 | |
| Firefox | =1.0.3 | |
| Firefox | =1.0.4 | |
| Firefox | =1.0.5 | |
| Firefox | =1.0.6 | |
| Firefox | =1.0.7 | |
| Firefox | =1.0.8 | |
| Firefox | =1.5 | |
| Firefox | =1.5-beta1 | |
| Firefox | =1.5-beta2 | |
| Firefox | =1.5.0.1 | |
| Firefox | =1.5.0.2 | |
| Firefox | =1.5.0.3 | |
| Firefox | =1.5.0.4 | |
| Firefox | =1.5.0.5 | |
| Firefox | =1.5.0.6 | |
| Firefox | =1.5.0.7 | |
| Firefox | =1.5.0.8 | |
| Firefox | =1.5.0.9 | |
| Firefox | =1.5.0.10 | |
| Firefox | =1.5.0.11 | |
| Firefox | =1.5.0.12 | |
| Firefox | =1.5.1 | |
| Firefox | =1.5.2 | |
| Firefox | =1.5.3 | |
| Firefox | =1.5.4 | |
| Firefox | =1.5.5 | |
| Firefox | =1.5.6 | |
| Firefox | =1.5.7 | |
| Firefox | =1.5.8 | |
| Firefox | =2.0 | |
| Firefox | =2.0.0.1 | |
| Firefox | =2.0.0.2 | |
| Firefox | =2.0.0.3 | |
| Firefox | =2.0.0.4 | |
| Firefox | =2.0.0.5 | |
| Firefox | =2.0.0.6 | |
| Firefox | =2.0.0.7 | |
| Firefox | =2.0.0.8 | |
| Firefox | =2.0.0.9 | |
| Firefox | =2.0.0.10 | |
| Firefox | =2.0.0.11 | |
| Firefox | =2.0.0.12 | |
| Firefox | =2.0.0.13 | |
| Firefox | =2.0.0.14 | |
| Firefox | =2.0.0.15 | |
| Firefox | =2.0.0.16 | |
| Firefox | =2.0.0.17 | |
| Firefox | =2.0.0.18 | |
| Firefox | =2.0.0.19 | |
| Firefox | =2.0.0.20 | |
| Firefox | =3.0 | |
| Firefox | =3.0.1 | |
| Firefox | =3.0.2 | |
| Firefox | =3.0.3 | |
| Firefox | =3.0.4 | |
| Firefox | =3.0.5 | |
| Firefox | =3.0.6 | |
| Firefox | =3.0.7 | |
| Firefox | =3.0.8 | |
| Firefox | =3.0.9 | |
| Firefox | =3.0.10 | |
| Firefox | =3.0.11 | |
| Firefox | =3.0.12 | |
| Firefox | =3.0.13 | |
| Firefox | =3.0.14 | |
| Firefox | =3.0.15 | |
| Firefox | =3.0.16 | |
| Firefox | =3.0.17 | |
| Firefox | =3.5 | |
| Firefox | =3.5.1 | |
| Firefox | =3.5.2 | |
| Firefox | =3.5.3 | |
| Firefox | =3.5.4 | |
| Firefox | =3.5.5 | |
| Firefox | =3.5.6 | |
| Firefox | =3.5.7 | |
| Firefox | =3.5.8 | |
| Firefox | =3.5.9 | |
| Firefox | =3.5.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html
- http://secunia.com/advisories/42867
- http://support.avaya.com/css/P8/documents/100112690
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:173
- http://www.mozilla.org/security/announce/2010/mfsa2010-53.html
- http://www.securityfocus.com/bid/43102
- http://www.vupen.com/english/advisories/2010/2323
- http://www.vupen.com/english/advisories/2011/0061
- https://bugzilla.mozilla.org/show_bug.cgi?id=579655
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12186
Frequently Asked Questions
What is the severity of CVE-2010-3166?
CVE-2010-3166 is classified as a critical vulnerability that could enable remote code execution.
How do I fix CVE-2010-3166?
To fix CVE-2010-3166, upgrade affected Mozilla Firefox, Thunderbird, or SeaMonkey to the latest version that has patched this vulnerability.
What versions are affected by CVE-2010-3166?
CVE-2010-3166 affects Mozilla Firefox versions before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7.
Can CVE-2010-3166 be exploited remotely?
Yes, CVE-2010-3166 can be exploited remotely, allowing attackers to execute arbitrary code on the victim's system.
What is the nature of the vulnerability in CVE-2010-3166?
CVE-2010-3166 involves a heap-based buffer overflow in the nsTextFrameUtils::TransformText function of the affected software.
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/mozilla
- canonical/firefox
- version/firefox/3.6
- version/firefox/3.6.2
- version/firefox/3.6.3
- version/firefox/3.6.4
- version/firefox/3.6.6
- version/firefox/3.6.7
- version/firefox/3.6.8
- canonical/mozilla seamonkey
- version/mozilla seamonkey/2.0.6
- version/mozilla seamonkey/1.0
- version/mozilla seamonkey/1.0-alpha
- version/mozilla seamonkey/1.0-beta
- version/mozilla seamonkey/1.0.1
- version/mozilla seamonkey/1.0.2
- version/mozilla seamonkey/1.0.3
- version/mozilla seamonkey/1.0.4
- version/mozilla seamonkey/1.0.5
- version/mozilla seamonkey/1.0.6
- version/mozilla seamonkey/1.0.7
- version/mozilla seamonkey/1.0.8
- version/mozilla seamonkey/1.0.9
- version/mozilla seamonkey/1.1
- version/mozilla seamonkey/1.1-alpha
- version/mozilla seamonkey/1.1-beta
- version/mozilla seamonkey/1.1.1
- version/mozilla seamonkey/1.1.2
- version/mozilla seamonkey/1.1.3
- version/mozilla seamonkey/1.1.4
- version/mozilla seamonkey/1.1.5
- version/mozilla seamonkey/1.1.6
- version/mozilla seamonkey/1.1.7
- version/mozilla seamonkey/1.1.8
- version/mozilla seamonkey/1.1.9
- version/mozilla seamonkey/1.1.10
- version/mozilla seamonkey/1.1.11
- version/mozilla seamonkey/1.1.12
- version/mozilla seamonkey/1.1.13
- version/mozilla seamonkey/1.1.14
- version/mozilla seamonkey/1.1.15
- version/mozilla seamonkey/1.1.16
- version/mozilla seamonkey/1.1.17
- version/mozilla seamonkey/1.1.18
- version/mozilla seamonkey/1.1.19
- version/mozilla seamonkey/1.5.0.8
- version/mozilla seamonkey/1.5.0.9
- version/mozilla seamonkey/1.5.0.10
- version/mozilla seamonkey/2.0
- version/mozilla seamonkey/2.0-alpha_1
- version/mozilla seamonkey/2.0-alpha_2
- version/mozilla seamonkey/2.0-alpha_3
- version/mozilla seamonkey/2.0-beta_1
- version/mozilla seamonkey/2.0-beta_2
- version/mozilla seamonkey/2.0-rc1
- version/mozilla seamonkey/2.0-rc2
- version/mozilla seamonkey/2.0.1
- version/mozilla seamonkey/2.0.2
- version/mozilla seamonkey/2.0.3
- version/mozilla seamonkey/2.0.4
- version/mozilla seamonkey/2.0.5
- version/mozilla seamonkey/2.0a1pre
- canonical/thunderbird
- version/thunderbird/3.0.6
- version/thunderbird/0.1
- version/thunderbird/0.2
- version/thunderbird/0.3
- version/thunderbird/0.4
- version/thunderbird/0.5
- version/thunderbird/0.6
- version/thunderbird/0.7
- version/thunderbird/0.7.1
- version/thunderbird/0.7.2
- version/thunderbird/0.7.3
- version/thunderbird/0.8
- version/thunderbird/0.9
- version/thunderbird/1.0
- version/thunderbird/1.0.1
- version/thunderbird/1.0.2
- version/thunderbird/1.0.3
- version/thunderbird/1.0.4
- version/thunderbird/1.0.5
- version/thunderbird/1.0.6
- version/thunderbird/1.0.7
- version/thunderbird/1.0.8
- version/thunderbird/1.5
- version/thunderbird/1.5-beta2
- version/thunderbird/1.5.0.1
- version/thunderbird/1.5.0.2
- version/thunderbird/1.5.0.3
- version/thunderbird/1.5.0.4
- version/thunderbird/1.5.0.5
- version/thunderbird/1.5.0.6
- version/thunderbird/1.5.0.7
- version/thunderbird/1.5.0.8
- version/thunderbird/1.5.0.9
- version/thunderbird/1.5.0.10
- version/thunderbird/1.5.0.11
- version/thunderbird/1.5.0.12
- version/thunderbird/1.5.0.13
- version/thunderbird/1.5.0.14
- version/thunderbird/1.5.1
- version/thunderbird/1.5.2
- version/thunderbird/2.0
- version/thunderbird/2.0.0.0
- version/thunderbird/2.0.0.1
- version/thunderbird/2.0.0.2
- version/thunderbird/2.0.0.3
- version/thunderbird/2.0.0.4
- version/thunderbird/2.0.0.5
- version/thunderbird/2.0.0.6
- version/thunderbird/2.0.0.7
- version/thunderbird/2.0.0.8
- version/thunderbird/2.0.0.9
- version/thunderbird/2.0.0.12
- version/thunderbird/2.0.0.14
- version/thunderbird/2.0.0.16
- version/thunderbird/2.0.0.17
- version/thunderbird/2.0.0.18
- version/thunderbird/2.0.0.19
- version/thunderbird/2.0.0.21
- version/thunderbird/2.0.0.22
- version/thunderbird/2.0.0.23
- version/thunderbird/3.0
- version/thunderbird/3.0.1
- version/thunderbird/3.0.2
- version/thunderbird/3.0.3
- version/thunderbird/3.0.4
- version/thunderbird/3.0.5
- version/thunderbird/3.1
- version/thunderbird/3.1.1
- version/thunderbird/3.1.2
- version/firefox/3.5.11
- version/firefox/1.0
- version/firefox/1.0-preview_release
- version/firefox/1.0.1
- version/firefox/1.0.2
- version/firefox/1.0.3
- version/firefox/1.0.4
- version/firefox/1.0.5
- version/firefox/1.0.6
- version/firefox/1.0.7
- version/firefox/1.0.8
- version/firefox/1.5
- version/firefox/1.5-beta1
- version/firefox/1.5-beta2
- version/firefox/1.5.0.1
- version/firefox/1.5.0.2
- version/firefox/1.5.0.3
- version/firefox/1.5.0.4
- version/firefox/1.5.0.5
- version/firefox/1.5.0.6
- version/firefox/1.5.0.7
- version/firefox/1.5.0.8
- version/firefox/1.5.0.9
- version/firefox/1.5.0.10
- version/firefox/1.5.0.11
- version/firefox/1.5.0.12
- version/firefox/1.5.1
- version/firefox/1.5.2
- version/firefox/1.5.3
- version/firefox/1.5.4
- version/firefox/1.5.5
- version/firefox/1.5.6
- version/firefox/1.5.7
- version/firefox/1.5.8
- version/firefox/2.0
- version/firefox/2.0.0.1
- version/firefox/2.0.0.2
- version/firefox/2.0.0.3
- version/firefox/2.0.0.4
- version/firefox/2.0.0.5
- version/firefox/2.0.0.6
- version/firefox/2.0.0.7
- version/firefox/2.0.0.8
- version/firefox/2.0.0.9
- version/firefox/2.0.0.10
- version/firefox/2.0.0.11
- version/firefox/2.0.0.12
- version/firefox/2.0.0.13
- version/firefox/2.0.0.14
- version/firefox/2.0.0.15
- version/firefox/2.0.0.16
- version/firefox/2.0.0.17
- version/firefox/2.0.0.18
- version/firefox/2.0.0.19
- version/firefox/2.0.0.20
- version/firefox/3.0
- version/firefox/3.0.1
- version/firefox/3.0.2
- version/firefox/3.0.3
- version/firefox/3.0.4
- version/firefox/3.0.5
- version/firefox/3.0.6
- version/firefox/3.0.7
- version/firefox/3.0.8
- version/firefox/3.0.9
- version/firefox/3.0.10
- version/firefox/3.0.11
- version/firefox/3.0.12
- version/firefox/3.0.13
- version/firefox/3.0.14
- version/firefox/3.0.15
- version/firefox/3.0.16
- version/firefox/3.0.17
- version/firefox/3.5
- version/firefox/3.5.1
- version/firefox/3.5.2
- version/firefox/3.5.3
- version/firefox/3.5.4
- version/firefox/3.5.5
- version/firefox/3.5.6
- version/firefox/3.5.7
- version/firefox/3.5.8
- version/firefox/3.5.9
- version/firefox/3.5.10