Use After Free in Mozilla Firefox
CVE-2010-2753
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attri…
Vulnerability class: Integer Overflow
EPSS: 0.037 (88.1th percentile).
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Mozilla Firefox
- Mozilla SeaMonkey
- Mozilla Thunderbird — versions 3.1
- openSUSE — versions 11.3, 11.1, 11.2
- SUSE Linux Enterprise Desktop — versions 11
- SUSE Linux Enterprise Server — versions 11
- SUSE Linux Enterprise Software Development Kit — versions 11
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Exploit, Issue Tracking)
- SUSE-SA:2010:049 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- oval:org.mitre.oval:def:10958 (Broken Link, x_refsource_OVAL, signature, vdb-entry)
- cve@mitre.org (x_refsource_MISC, Third Party Advisory, VDB Entry)
- 41853 (VDB Entry, Third Party Advisory, vdb-entry, Broken Link, x_refsource_BID)
- 20100721 ZDI-10-131: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability (mailing-list, x_refsource_BUGTRAQ, VDB Entry, Third Party Advisory, Broken Link)
Frequently asked questions
- What is CVE-2010-2753?
- CVE-2010-2753 is a high-severity vulnerability in Mozilla Firefox, classified under Integer Overflow or Wraparound. CVSS score: 8.8/10. Published 2010-07-30.
- How severe is CVE-2010-2753?
- High severity. CVSS v3 base score is 8.8 out of 10.