CVE-2010-3166 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow9 documents6 sources

Severity

9.3CRITICALNVD

EPSS

6.0%

top 9.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedSep 9

Latest updateMay 17

Description

Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox3.5.11+87

▶NVDmozilla/seamonkey2.0.6+40

▶NVDmozilla/thunderbird3.0.6+67

🔴Vulnerability Details

GHSA

GHSA-v78f-cp57-fcpm: Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3↗2022-05-17

▶

CVEList

CVE-2010-3166: Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3↗2010-09-09

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner regression↗2010-09-16

▶

Ubuntu

Thunderbird regression↗2010-09-16

▶

Ubuntu

Thunderbird vulnerabilities↗2010-09-08

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-09-08

▶

Red Hat

nsTextFrameUtils:: TransformText (MFSA 2010-53)↗2010-09-07

▶

💬Community

Bugzilla

CVE-2010-3166 Mozilla Heap buffer overflow in nsTextFrameUtils::TransformText (MFSA 2010-53)↗2010-09-03

▶