Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-2752Integer Overflow or Wraparound in Mozilla Seamonkey

CWE-189CWE-190Integer Overflow or Wraparound13 documents7 sources
Severity
9.3CRITICALNVD
EPSS
8.0%
top 7.90%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Mozilla SeamonkeyMozilla FirefoxMozilla Thunderbird
Timeline
PublishedJul 30
Latest updateMay 17

Description

Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

NVDmozilla/seamonkey2.0.5+39
NVDmozilla/firefox14 versions+13
NVDmozilla/thunderbird7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-p77q-96cj-c83q: Integer overflow in an array class in Mozilla Firefox 32022-05-17
CVEList
CVE-2010-2752: Integer overflow in an array class in Mozilla Firefox 32010-07-30

💥Exploits & PoCs

1
Exploit-DB
Mozilla Firefox CSS - font-face Remote Code Execution2010-09-25

📋Vendor Advisories

7
Red Hat
SquirrelMail: CRLF injection vulnerability2011-07-11
Ubuntu
Thunderbird vulnerabilities2010-07-26
Ubuntu
Firefox and Xulrunner vulnerability2010-07-26
Ubuntu
Firefox and Xulrunner vulnerabilities2010-07-23
Ubuntu
ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update2010-07-23

💬Community

2
Bugzilla
CVE-2011-2752 SquirrelMail: CRLF injection vulnerability2011-07-18
Bugzilla
CVE-2010-2752 Mozilla nsCSSValue::Array index integer overflow2010-07-16
CVE-2010-2752 — Integer Overflow or Wraparound | cvebase