[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2010-1196

Date: (C)2010-06-24   (M)2017-09-22
 
CVSS Score: 9.3Access Vector: NETWORK
Exploitability Subscore: 8.6Access Complexity: MEDIUM
Impact Subscore: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE











Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow.

Reference:
SECTRACK-1024138
SECTRACK-1024139
SECUNIA-40323
SECUNIA-40326
SECUNIA-40401
SECUNIA-40481
BID-41050
BID-41087
ADV-2010-1551
ADV-2010-1557
ADV-2010-1592
ADV-2010-1640
ADV-2010-1773
FEDORA-2010-10344
FEDORA-2010-10361
MDVSA-2010:125
RHSA-2010:0500
RHSA-2010:0501
SUSE-SA:2010:030
USN-930-1
USN-930-2
firefox-nsgenericdomdatanode-bo(59665)
http://support.avaya.com/css/P8/documents/100091069
http://www.mozilla.org/security/announce/2010/mfsa2010-29.html
https://bugzilla.mozilla.org/show_bug.cgi?id=534666

CPE    100
cpe:/a:mozilla:thunderbird:3.0.4
cpe:/a:mozilla:thunderbird:3.0.3
cpe:/a:mozilla:thunderbird:3.0.2
cpe:/a:mozilla:thunderbird:3.0.1
...
CWE    1
CWE-189
OVAL    37
oval:org.secpod.oval:def:300313
oval:org.secpod.oval:def:100661
oval:org.secpod.oval:def:100385
oval:org.secpod.oval:def:800
...

© 2013 SecPod Technologies