CVE-2010-3769Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
8.4%
top 7.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird
Timeline
PublishedDec 10
Latest updateMay 17

Description

The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

NVDmozilla/firefox3.5.15+114
NVDmozilla/seamonkey2.0.10+43
NVDmozilla/thunderbird3.0.10+77

🔴Vulnerability Details

2
GHSA
GHSA-jhhg-4257-5g55: The line-breaking implementation in Mozilla Firefox before 32022-05-17
CVEList
CVE-2010-3769: The line-breaking implementation in Mozilla Firefox before 32010-12-10
CVE-2010-3769 — Mozilla Firefox vulnerability | cvebase