CVE Vulnerabilities

CVE-2010-1196

Published: Jun 24, 2010 | Modified: Sep 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla 3.5.3 3.5.3
Firefox Mozilla 3.5.6 3.5.6
Firefox Mozilla 3.5 3.5
Firefox Mozilla 3.5.5 3.5.5
Firefox Mozilla 3.5.9 3.5.9
Firefox Mozilla 3.5.4 3.5.4
Firefox Mozilla 3.5.7 3.5.7
Firefox Mozilla 3.5.1 3.5.1
Firefox Mozilla 3.5.2 3.5.2

References