CVE-2010-3767 — Integer Overflow or Wraparound in Mozilla Firefox

CWE-189 CWE-190 — Integer Overflow or Wraparound7 documents6 sources

Severity

9.3CRITICALNVD

EPSS

4.6%

top 10.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedDec 10

Latest updateMay 17

Description

Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via a JavaScript array with many elements.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmozilla/firefox3.5.15+95

▶NVDmozilla/seamonkey44 versions+43

🔴Vulnerability Details

GHSA

GHSA-g65j-65qf-2mcj: Integer overflow in the NewIdArray function in Mozilla Firefox before 3↗2022-05-17

▶

CVEList

CVE-2010-3767: Integer overflow in the NewIdArray function in Mozilla Firefox before 3↗2010-12-10

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-12-09

▶

Red Hat

Mozilla integer overflow vulnerability in NewIdArray (MFSA 2010-81)↗2010-12-09

▶

Red Hat

OpenLDAP: Doesn't properly handle NULL character in subject Common Name↗2009-08-10

▶

💬Community

Bugzilla

CVE-2010-3767 Mozilla integer overflow vulnerability in NewIdArray (MFSA 2010-81)↗2010-12-06

▶