CVE-2010-1199
published 2010-06-24

Priority P354 · critical · 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 11.42% (95.5th percentile)
Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.

Affected

89 ranges · showing 25

Vendor   Product    Version range  Fixed in
mozilla  firefox
mozilla  seamonkey  <= 2.0.4
mozilla  seamonkey

Detection & IOCs (extracted from sources)

url: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/34192.zip
filename: abysssec.xsl
filename: abyssssec.xml
  • Exploit triggers integer overflow via an extremely large BlockCount value (2147483647) used to generate XSLT sort nodes with large text values, causing heap buffer overflow during XSLT node sorting.
  • Exploit generates malicious XSL and XML files (abysssec.xsl / abyssssec.xml) delivered to the victim browser; monitor for creation or serving of these filenames.
  • The vulnerability is triggered by a large text value for an XSLT sort node; network/content inspection for XSLT stylesheets containing xsl:sort elements with very large string data may indicate exploitation attempts.
  • Affected versions: Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, SeaMonkey before 2.0.5. Red Hat Enterprise Linux 6 package 'firefox' is listed as Not Affected.

CVSS provenance

nvd            v2.0  9.3   CRITICAL  AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_ubuntu        10.0  CRITICAL
vendor_redhat        9.3   CRITICAL