CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
98.3%
Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | firefox | 3.5 | cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:* |
mozilla | firefox | 3.5.1 | cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:* |
mozilla | firefox | 3.5.2 | cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:* |
mozilla | firefox | 3.5.3 | cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:* |
mozilla | firefox | 3.5.4 | cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:* |
mozilla | firefox | 3.5.5 | cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:* |
mozilla | firefox | 3.5.6 | cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:* |
mozilla | firefox | 3.5.7 | cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:* |
mozilla | firefox | 3.5.9 | cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:* |
mozilla | seamonkey | * | cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* |
lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html
lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html
lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html
secunia.com/advisories/40323
secunia.com/advisories/40326
secunia.com/advisories/40401
secunia.com/advisories/40481
support.avaya.com/css/P8/documents/100091069
ubuntu.com/usn/usn-930-1
www.exploit-db.com/exploits/14949
www.mandriva.com/security/advisories?name=MDVSA-2010:125
www.mozilla.org/security/announce/2010/mfsa2010-30.html
www.redhat.com/support/errata/RHSA-2010-0499.html
www.redhat.com/support/errata/RHSA-2010-0500.html
www.redhat.com/support/errata/RHSA-2010-0501.html
www.securityfocus.com/archive/1/511972/100/0/threaded
www.securityfocus.com/bid/41050
www.securityfocus.com/bid/41082
www.securitytracker.com/id?1024138
www.securitytracker.com/id?1024139
www.ubuntu.com/usn/usn-930-2
www.vupen.com/english/advisories/2010/1551
www.vupen.com/english/advisories/2010/1556
www.vupen.com/english/advisories/2010/1557
www.vupen.com/english/advisories/2010/1592
www.vupen.com/english/advisories/2010/1640
www.vupen.com/english/advisories/2010/1773
www.zerodayinitiative.com/advisories/ZDI-10-113
bugzilla.mozilla.org/show_bug.cgi?id=554255
exchange.xforce.ibmcloud.com/vulnerabilities/59666
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10885
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13287