Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3179Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources
Severity
9.3CRITICALNVD
EPSS
22.6%
top 4.14%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird
Timeline
PublishedOct 21
Latest updateMay 17

Description

Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

NVDmozilla/firefox3.5.13+91
NVDmozilla/seamonkey2.0.8+41
NVDmozilla/thunderbird3.0.8+71

🔴Vulnerability Details

2
GHSA
GHSA-86hh-v273-w3qf: Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 32022-05-17
CVEList
CVE-2010-3179: Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 32010-10-21

💥Exploits & PoCs

1
Exploit-DB
Mozilla Firefox SeaMonkey 3.6.10 / Thunderbird 3.1.4 - 'document.write' Memory Corruption2010-10-19

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2010-10-20
Ubuntu
Firefox and Xulrunner vulnerabilities2010-10-20
Red Hat
Mozilla buffer overflow and memory corruption using document.write2010-10-19

💬Community

1
Bugzilla
CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write2010-10-12
CVE-2010-3179 — Mozilla Firefox vulnerability | cvebase