CVE-2010-1199

critical

Description

Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13287

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10885

https://exchange.xforce.ibmcloud.com/vulnerabilities/59666

https://bugzilla.mozilla.org/show_bug.cgi?id=554255

http://www.zerodayinitiative.com/advisories/ZDI-10-113

http://www.vupen.com/english/advisories/2010/1773

http://www.vupen.com/english/advisories/2010/1640

http://www.vupen.com/english/advisories/2010/1592

http://www.vupen.com/english/advisories/2010/1557

http://www.vupen.com/english/advisories/2010/1556

http://www.vupen.com/english/advisories/2010/1551

http://www.ubuntu.com/usn/usn-930-2

http://www.securitytracker.com/id?1024139

http://www.securitytracker.com/id?1024138

http://www.securityfocus.com/bid/41082

http://www.securityfocus.com/bid/41050

http://www.securityfocus.com/archive/1/511972/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2010-0501.html

http://www.redhat.com/support/errata/RHSA-2010-0500.html

http://www.redhat.com/support/errata/RHSA-2010-0499.html

http://www.mozilla.org/security/announce/2010/mfsa2010-30.html

http://www.mandriva.com/security/advisories?name=MDVSA-2010:125

http://www.exploit-db.com/exploits/14949

http://ubuntu.com/usn/usn-930-1

http://support.avaya.com/css/P8/documents/100091069

http://secunia.com/advisories/40481

http://secunia.com/advisories/40401

http://secunia.com/advisories/40326

http://secunia.com/advisories/40323

http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html

Details

Source: Mitre, NVD

Published: 2010-06-24

Updated: 2018-10-10

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical