[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2010-1196

Date: (C)2010-06-24   (M)2017-11-18 


Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow.

CVSS Score: 9.3Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
SECTRACK-1024138
SECTRACK-1024139
SECUNIA-40323
SECUNIA-40326
SECUNIA-40401
SECUNIA-40481
BID-41050
BID-41087
ADV-2010-1551
ADV-2010-1557
ADV-2010-1592
ADV-2010-1640
ADV-2010-1773
FEDORA-2010-10344
FEDORA-2010-10361
MDVSA-2010:125
RHSA-2010:0500
RHSA-2010:0501
SUSE-SA:2010:030
USN-930-1
USN-930-2
firefox-nsgenericdomdatanode-bo(59665)
http://support.avaya.com/css/P8/documents/100091069
http://www.mozilla.org/security/announce/2010/mfsa2010-29.html
https://bugzilla.mozilla.org/show_bug.cgi?id=534666

CPE    100
cpe:/a:mozilla:firefox:3.5.7
cpe:/a:mozilla:firefox:3.5.5
cpe:/a:mozilla:firefox:3.5.6
cpe:/a:mozilla:firefox:3.5.9
...
CWE    1
CWE-189
OVAL    37
oval:org.secpod.oval:def:300313
oval:org.secpod.oval:def:100661
oval:org.secpod.oval:def:100385
oval:org.secpod.oval:def:800
...

© 2013 SecPod Technologies