CVE-2010-1196 — Heap-based Buffer Overflow in Mozilla Seamonkey

CWE-189 CWE-122 — Heap-based Buffer Overflow12 documents6 sources

Severity

9.3CRITICALNVD

EPSS

5.2%

top 10.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox

Timeline

PublishedJun 24

Latest updateMay 2

Description

Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/seamonkey2.0.4+34

▶NVDmozilla/thunderbird3.0.4+41

▶NVDmozilla/firefox12 versions+11

🔴Vulnerability Details

GHSA

GHSA-9h7f-qfpr-g776: Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3↗2022-05-02

▶

CVEList

CVE-2010-1196: Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3↗2010-06-23

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner vulnerability↗2010-07-26

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-07-23

▶

Ubuntu

ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update↗2010-07-23

▶

Ubuntu

Thunderbird vulnerabilities↗2010-07-06

▶

Ubuntu

Firefox regression↗2010-06-30

▶

💬Community

Bugzilla

CVE-2010-1196 Mozilla Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal↗2010-05-10

▶