Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1214Mozilla Seamonkey vulnerability

CWE-18917 documents8 sources
Severity
10.0CRITICALNVD
NVD9.3CNA9.3
EPSS
7.3%
top 8.28%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Mozilla SeamonkeyMozilla Firefox
Timeline
PublishedJul 30
Latest updateMay 17

Description

Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmozilla/seamonkey2.0.5+39
NVDmozilla/firefox15 versions+14

🔴Vulnerability Details

4
GHSA
GHSA-fwcv-j34v-fh3m: layout/generic/nsObjectFrame2022-05-17
GHSA
GHSA-pwm3-w76v-hxc8: Integer overflow in Mozilla Firefox 32022-05-02
CVEList
CVE-2010-1214: Integer overflow in Mozilla Firefox 32010-07-30
CVEList
CVE-2010-2755: layout/generic/nsObjectFrame2010-07-29

💥Exploits & PoCs

2
Exploit-DB
Mozilla Firefox 3.6.4 - 'Plugin' EnsureCachedAttrParamArrays Remote Code Execution2010-09-17
Exploit-DB
Mozilla Firefox and SeaMonkey Plugin Parameters - Remote Buffer Overflow2010-07-20

🔍Detection Rules

1
Suricata
ET WEB_CLIENT Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution Attempt2010-09-27

📋Vendor Advisories

7
Ubuntu
Firefox and Xulrunner vulnerability2010-07-26
Ubuntu
Firefox and Xulrunner vulnerability2010-07-26
Red Hat
Mozilla arbitrary free flaw2010-07-24
Ubuntu
Firefox and Xulrunner vulnerabilities2010-07-23
Ubuntu
ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update2010-07-23

💬Community

1
Bugzilla
CVE-2010-1214 Mozilla Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability2010-07-16
CVE-2010-1214 — Mozilla Seamonkey vulnerability | cvebase