CVE-2010-2752
published 2010-07-30
CVE-2010-2752: Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and…
Priority P354 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS
9.78%
94.9th percentile
Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers.
Affected
61 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | — | — |
| mozilla | seamonkey | <= 2.0.5 | — |
| mozilla | seamonkey | — | — |
CVSS provenance
nvd · v2.0 · 9.3 · CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_ubuntu · 10.0 · CRITICAL
vendor_redhat · 9.3 · CRITICAL
Red Hat
SquirrelMail: CRLF injection vulnerability
vendor_redhat·2011-07-11·CVSS 4.3
CVE-2011-2752 [MEDIUM] SquirrelMail: CRLF injection vulnerability
CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555.
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2010-07-26·CVSS 4.3
CVE-2010-0654 [MEDIUM] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Several flaws were discovered in the browser engine of Thunderbird. If a
user were tricked into viewing malicious content, a remote attacker could
use this to crash Thunderbird or possibly run arbitrary code as the user
invoking the program. (CVE-2010-1211, CVE-2010-1212)
An integer overflow was discovered in how Thunderbird processed CSS values.
An attacker could exploit this to crash Thunderbird or possibly run
arbitrary code as the user invoking the program. (CVE-2010-2752)
An integer overflow was discovered in how Thunderbird interpreted the XUL
element. If a user were tricked into viewing malicious content, a remote
attacker could use this to crash Thunderbird or possibly run arbitrary code
as the user invoking the program. (CVE-2010-2753)
Aki He
Ubuntu
Firefox and Xulrunner vulnerability
vendor_ubuntu·2010-07-26·CVSS 8.8
CVE-2010-2755 [HIGH] Firefox and Xulrunner vulnerability
Title: Firefox and Xulrunner vulnerability
Summary: Firefox could be made to run programs as your login if it opened a
specially crafted file or website.
USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert
discovered that the fix for CVE-2010-1214 introduced a regression which did
not properly initialize a plugin pointer. If a user were tricked into
viewing a malicious site, a remote attacker could use this to crash the
browser or run arbitrary code as the user invoking the program.
(CVE-2010-2755)
This update fixes the problem.
Original advisory details:
Several flaws were discovered in the browser engine of Firefox. If a user
were tricked into viewing a malicious site, a remote attacker could use
this to crash the browser or possibly run arbitrary code as the us
Ubuntu
Firefox and Xulrunner vulnerabilities
vendor_ubuntu·2010-07-23·CVSS 9.8
CVE-2008-5913 [CRITICAL] Firefox and Xulrunner vulnerabilities
Title: Firefox and Xulrunner vulnerabilities
Summary: Firefox could be made to run programs as your login if it opened a
specially crafted file or website.
USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update
provides the corresponding updates for Ubuntu 9.04 and 9.10, along with
additional updates affecting Firefox 3.6.6.
Several flaws were discovered in the browser engine of Firefox. If a user
were tricked into viewing a malicious site, a remote attacker could use
this to crash the browser or possibly run arbitrary code as the user
invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211,
CVE-2010-1212)
An integer overflow was discovered in how Firefox processed plugin
parameters. An attacker could exploit this to crash the browser or possibly
run arbitrary
Ubuntu
ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update
vendor_ubuntu·2010-07-23·CVSS 10.0
[CRITICAL] ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update
Title: ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update
Summary: This update is for use with the new Xulrunner provided in USN-930-4.
USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and
9.10. This update provides updated packages for use with Firefox 3.6 and
Xulrunner 1.9.2.
Original advisory details:
It was discovered that Firefox could be made to access freed memory. If a
user were tricked into viewing a malicious site, a remote attacker could
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. This issue only affected
Ubuntu 8.04 LTS. (CVE-2010-1121)
Several flaws were discovered in the browser engine of Firefox. If a
user
Ubuntu
Firefox and Xulrunner vulnerabilities
vendor_ubuntu·2010-07-23·CVSS 9.8
CVE-2010-1208 [CRITICAL] Firefox and Xulrunner vulnerabilities
Title: Firefox and Xulrunner vulnerabilities
Summary: Firefox could be made to run programs as your login if it opened a
specially crafted file or website.
Several flaws were discovered in the browser engine of Firefox. If a user
were tricked into viewing a malicious site, a remote attacker could use
this to crash the browser or possibly run arbitrary code as the user
invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211,
CVE-2010-1212)
An integer overflow was discovered in how Firefox processed plugin
parameters. An attacker could exploit this to crash the browser or possibly
run arbitrary code as the user invoking the program. (CVE-2010-1214)
A flaw was discovered in the Firefox JavaScript engine. If a user were
tricked into viewing a malicious site, a remote attacker co
Red Hat
nsCSSValue::Array index integer overflow
vendor_redhat·2010-07-20·CVSS 9.3
CVE-2010-2752 [CRITICAL] CWE-190 nsCSSValue::Array index integer overflow
Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers.
Package: firefox (Red Hat Enterprise Linux 6) - Not affected
GHSA
GHSA-p77q-96cj-c83q: Integer overflow in an array class in Mozilla Firefox 3
ghsa_unreviewed·2022-05-17
CVE-2010-2752 [HIGH] GHSA-p77q-96cj-c83q: Integer overflow in an array class in Mozilla Firefox 3
Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers.
No detection rules found.
Bugzilla
CVE-2011-2752 SquirrelMail: CRLF injection vulnerability
bugzilla·2011-07-18·CVSS 4.3
CVE-2011-2752 [MEDIUM] CVE-2011-2752 SquirrelMail: CRLF injection vulnerability
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-2752 to
the following vulnerability:
CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows
remote attackers to modify or add preference values via a \n (newline)
character, a different vulnerability than CVE-2010-4555.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2752
[2] http://www.squirrelmail.org/security/issue/2011-07-11
Upstream patch:
[3] http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14119
from which the following subpart:
[4] http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/options.php?view=patch&r1=14084&r2=14119&pathr
Bugzilla
CVE-2010-2752 Mozilla nsCSSValue::Array index integer overflow
bugzilla·2010-07-16·CVSS 9.3
CVE-2010-2752 [CRITICAL] CVE-2010-2752 Mozilla nsCSSValue::Array index integer overflow
Security researcher J23 reported via TippingPoint's Zero Day Initiative
that an array class used to store CSS values contained an integer overflow
vulnerability. The 16-bit integer value used in allocating the size of the
array could overflow, resulting in too small a memory buffer being created.
When the array was later populated with CSS values, data would be written
past the end of the buffer, potentially resulting in the execution of
attacker-controlled memory.
Discussion:
This is now public: http://www.mozilla.org/security/announce/2010/mfsa2010-39.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2010:0547 https://rhn.redhat.com/errata/RHSA-20
http://www.mozilla.org/security/announce/2010/mfsa2010-39.html
http://www.securityfocus.com/archive/1/512514
http://www.securityfocus.com/bid/41852
http://www.zerodayinitiative.com/advisories/ZDI-10-133/
https://bugzilla.mozilla.org/show_bug.cgi?id=574059
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11680