CVE-2010-1214
published 2010-07-30CVE-2010-1214: Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code…
PriorityP355critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
7.58%
93.8th percentile
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements.
Affected
55 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | seamonkey | <= 2.0.5 | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_ubuntu10.0CRITICAL
vendor_redhat9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Firefox and Xulrunner vulnerability
vendor_ubuntu·2010-07-26·CVSS 8.8
CVE-2010-2755 [HIGH] Firefox and Xulrunner vulnerability
Title: Firefox and Xulrunner vulnerability
Summary: Firefox could be made to run programs as your login if it opened a
specially crafted file or website.
USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert
discovered that the fix for CVE-2010-1214 introduced a regression which did
not properly initialize a plugin pointer. If a user were tricked into
viewing a malicious site, a remote attacker could use this to crash the
browser or run arbitrary code as the user invoking the program.
(CVE-2010-2755)
This update fixes the problem.
Original advisory details:
Several flaws were discovered in the browser engine of Firefox. If a user
were tricked into viewing a malicious site, a remote attacker could use
this to crash the browser or possibly run arbitrary code as the us
Ubuntu
Firefox and Xulrunner vulnerability
vendor_ubuntu·2010-07-26·CVSS 10.0
CVE-2010-2755 [CRITICAL] Firefox and Xulrunner vulnerability
Title: Firefox and Xulrunner vulnerability
Summary: Firefox could be made to run programs as your login if it opened a
specially crafted file or website.
USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert
discovered that the fix for CVE-2010-1214 introduced a regression which did
not properly initialize a plugin pointer. If a user were tricked into
viewing a malicious site, a remote attacker could use this to crash the
browser or run arbitrary code as the user invoking the program.
(CVE-2010-2755)
This update fixes the problem.
Original advisory details:
If was discovered that Firefox could be made to access freed memory. If a
user were tricked into viewing a malicious site, a remote attacker could
cause a denial of service or possibly execute arbitrary code with
Red Hat
Mozilla arbitrary free flaw
vendor_redhat·2010-07-24·CVSS 9.3
CVE-2010-2755 [CRITICAL] Mozilla arbitrary free flaw
Mozilla arbitrary free flaw
layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.
Package: firefox (Red Hat Enterprise Linux 6) - Not affected
Ubuntu
Firefox and Xulrunner vulnerabilities
vendor_ubuntu·2010-07-23·CVSS 9.8
CVE-2008-5913 [CRITICAL] Firefox and Xulrunner vulnerabilities
Title: Firefox and Xulrunner vulnerabilities
Summary: Firefox could be made to run programs as your login if it opened a
specially crafted file or website.
USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update
provides the corresponding updates for Ubuntu 9.04 and 9.10, along with
additional updates affecting Firefox 3.6.6.
Several flaws were discovered in the browser engine of Firefox. If a user
were tricked into viewing a malicious site, a remote attacker could use
this to crash the browser or possibly run arbitrary code as the user
invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211,
CVE-2010-1212)
An integer overflow was discovered in how Firefox processed plugin
parameters. An attacker could exploit this to crash the browser or possibly
run arbitrary
Ubuntu
ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update
vendor_ubuntu·2010-07-23·CVSS 10.0
[CRITICAL] ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update
Title: ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update
Summary: This update is for use with the new Xulrunner provided in USN-930-4.
USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and
9.10. This update provides updated packages for use with Firefox 3.6 and
Xulrunner 1.9.2.
Original advisory details:
If was discovered that Firefox could be made to access freed memory. If a
user were tricked into viewing a malicious site, a remote attacker could
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. This issue only affected
Ubuntu 8.04 LTS. (CVE-2010-1121)
Several flaws were discovered in the browser engine of Firefox. If a
user
Ubuntu
Firefox and Xulrunner vulnerabilities
vendor_ubuntu·2010-07-23·CVSS 9.8
CVE-2010-1208 [CRITICAL] Firefox and Xulrunner vulnerabilities
Title: Firefox and Xulrunner vulnerabilities
Summary: Firefox could be made to run programs as your login if it opened a
specially crafted file or website.
Several flaws were discovered in the browser engine of Firefox. If a user
were tricked into viewing a malicious site, a remote attacker could use
this to crash the browser or possibly run arbitrary code as the user
invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211,
CVE-2010-1212)
An integer overflow was discovered in how Firefox processed plugin
parameters. An attacker could exploit this to crash the browser or possibly
run arbitrary code as the user invoking the program. (CVE-2010-1214)
A flaw was discovered in the Firefox JavaScript engine. If a user were
tricked into viewing a malicious site, a remote attacker co
Red Hat
Mozilla Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
vendor_redhat·2010-07-20·CVSS 9.3
CVE-2010-1214 [CRITICAL] Mozilla Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
Mozilla Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements.
Package: firefox (Red Hat Enterprise Linux 6) - Not affected
GHSA
GHSA-fwcv-j34v-fh3m: layout/generic/nsObjectFrame
ghsa_unreviewed·2022-05-17·CVSS 9.3
CVE-2010-2755 [CRITICAL] GHSA-fwcv-j34v-fh3m: layout/generic/nsObjectFrame
layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.
GHSA
GHSA-pwm3-w76v-hxc8: Integer overflow in Mozilla Firefox 3
ghsa_unreviewed·2022-05-02
CVE-2010-1214 [HIGH] GHSA-pwm3-w76v-hxc8: Integer overflow in Mozilla Firefox 3
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements.
Suricata
ET WEB_CLIENT Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution Attempt
suricata·2010-09-27
CVE-2010-1214 ET WEB_CLIENT Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution Attempt
ET WEB_CLIENT Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution Attempt
Rule: alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution Attempt"; flow:established,to_client; content:"appletComponentArch.DynamicTreeApplet"; nocase; content:"PARAM"; nocase; distance:0; content:"PARAM"; nocase; distance:0; content:"PARAM"; nocase; distance:0; content:"PARAM"; nocase; distance:0; content:"PARAM"; nocase; distance:0; content:"PARAM"; nocase; distance:0; content:"PARAM"; nocase; distance:0; content:"PARAM"; nocase; distance:0; content:"PARAM"; nocase; distance:0; content:"PARAM"; nocase; distance:0; reference:url,www.exploit-db.com/moaub-17-firefox-plugin-parameter-ensurecachedattr
Exploit-DB
Mozilla Firefox 3.6.4 - 'Plugin' EnsureCachedAttrParamArrays Remote Code Execution
exploitdb·2010-09-17·CVSS 9.3
CVE-2010-1214 [CRITICAL] Mozilla Firefox 3.6.4 - 'Plugin' EnsureCachedAttrParamArrays Remote Code Execution
Mozilla Firefox 3.6.4 - 'Plugin' EnsureCachedAttrParamArrays Remote Code Execution
---
'''
__ __ ____ _ _ ____
| \/ |/ __ \ /\ | | | | _ \
| \ / | | | | / \ | | | | |_) |
| |\/| | | | |/ /\ \| | | | _
page demonstration
"""
i=0
while(i\n";
i=i+1
myStyle = myStyle + """
"""
cssFile = open("Abysssec.html","w")
cssFile.write(myStyle)
cssFile.close()
Exploit-DB
Mozilla Firefox and SeaMonkey Plugin Parameters - Remote Buffer Overflow
exploitdb·2010-07-20
CVE-2010-1214 Mozilla Firefox and SeaMonkey Plugin Parameters - Remote Buffer Overflow
Mozilla Firefox and SeaMonkey Plugin Parameters - Remote Buffer Overflow
---
source: https://www.securityfocus.com/bid/41842/info
Mozilla Firefox and SeaMonkey are prone to a buffer-overflow vulnerability.
An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
This issue is fixed in:
Firefox 3.6.7
Firefox 3.5.11
SeaMonkey 2.0.6
NOTE: This issue was previously covered in BID 41824 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2010-34 Through -47 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.
https://gitlab.com/exploit-database/exp
http://www.mozilla.org/security/announce/2010/mfsa2010-37.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=572985https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11685http://www.mozilla.org/security/announce/2010/mfsa2010-37.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=572985https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11685
2010-07-30
Published