Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19853
HistoryJun 24, 2010 - 12:00 a.m.

Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability

2010-06-2400:00:00
Root
www.seebug.org
21

0.712 High

EPSS

Percentile

97.7%

JSON

No description provided by source.


                                                -- CVE ID:
CVE-2010-1199

-- Affected Vendors:
Mozilla Firefox

-- Affected Products:
Mozilla Firefox 3.6.x

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Mozilla Firefox. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or otherwise render a malicious file.

The specific flaw exists within a particular XSLT transformation when
applied to an XML document. If a large number of elements have this
transformation applied to them, the application will misallocate a
buffer. Upon usage of this buffer the application will copy more data
than allocated thus causing an overflow. This can lead to code execution
under the context of the application.

-- Vendor Response:
Mozilla Firefox has issued an update to correct this vulnerability. More
details can be found at:

http://www.mozilla.org/security/announce/2010/mfsa2010-30.html

-- Disclosure Timeline:
2010-03-22 - Vulnerability reported to vendor
2010-06-23 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Martin Barbella

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents 
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

Related

packetstorm 1
exploitpack 1
prion 1
cve 1
veracode 1
securityvulns 3
mozilla 1
zdi 1
ubuntucve 1
exploitdb 1
nessus 45
openvas 83
redhat 5
oraclelinux 4
centos 5
ubuntu 7
debian 3
osv 1
fedora 18
suse 2
freebsd 1
gentoo 1
packetstorm
packetstorm
Month Of Abysssec Undisclosed Bugs - Firefox XSLT Sort Code Execution
2010-09-11 00:00:00
exploitpack
exploitpack
Mozilla Firefox 3.6.3 - XSLT Sort Remote Code Execution
2010-09-09 00:00:00
prion
prion
Integer overflow
2010-06-24 12:30:00
cve
cve
CVE-2010-1199
2010-06-24 12:30:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:43:50
securityvulns
securityvulns
ZDI-10-113: Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability
2010-06-25 00:00:00
Mozilla Foundation Security Advisory 2010-30
2010-06-25 00:00:00
Mozilla Firefox / Seamonkey multiple security vulnerabilities
2010-06-25 00:00:00
mozilla
mozilla
Integer Overflow in XSLT Node Sorting — Mozilla
2010-06-22 00:00:00
zdi
zdi
Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability
2010-06-23 00:00:00
ubuntucve
ubuntucve
CVE-2010-1199
2010-06-24 00:00:00
exploitdb
exploitdb
Mozilla Firefox 3.6.3 - XSLT Sort Remote Code Execution
2010-09-09 00:00:00
nessus
nessus
Mozilla Thunderbird < 3.0.5 Multiple Vulnerabilities
2010-06-23 00:00:00
Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
2012-08-01 00:00:00
Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:126)
2010-06-25 00:00:00
openvas
openvas
Mozilla Products Multiple Vulnerabilities (Jun 2010) - Windows
2010-07-01 00:00:00
Mozilla Products Multiple Vulnerabilities june-10 (Windows)
2010-07-01 00:00:00
CentOS Update for seamonkey CESA-2010:0499 centos3 i386
2010-08-20 00:00:00
redhat
redhat
(RHSA-2010:0499) Critical: seamonkey security update
2010-06-22 00:00:00
(RHSA-2010:0501) Critical: firefox security, bug fix, and enhancement update
2010-06-22 00:00:00
(RHSA-2010:0500) Critical: firefox security, bug fix, and enhancement update
2010-06-22 00:00:00
oraclelinux
oraclelinux
seamonkey security update
2010-06-22 00:00:00
thunderbird security update
2010-07-21 00:00:00
firefox security, bug fix, and enhancement update
2010-06-23 00:00:00
centos
centos
seamonkey security update
2010-07-21 19:15:00
thunderbird security update
2010-08-06 23:32:55
devhelp, esc, firefox, gnome, totem, xulrunner, yelp security update
2010-06-24 16:14:16
ubuntu
ubuntu
Thunderbird vulnerabilities
2010-07-06 00:00:00
apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update
2010-06-29 00:00:00
Firefox regression
2010-06-30 00:00:00
debian
debian
[SECURITY] [DSA 2064-1] New xulrunner packages fix several vulnerabilities
2010-06-27 20:39:12
[Backports-security-announce] Security Update for xulrunner
2010-07-01 11:48:42
[Backports-security-announce] Security Update for xulrunner
2010-07-01 11:54:27
osv
osv
xulrunner - several vulnerabilities
2010-06-27 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: firefox-3.6.4-1.fc13
2010-06-24 16:31:49
[SECURITY] Fedora 13 Update: galeon-2.0.7-29.fc13
2010-06-24 16:31:49
[SECURITY] Fedora 13 Update: mozvoikko-1.0-11.fc13
2010-06-24 16:31:49
suse
suse
remote code execution in MozillaFirefox,mozilla-xulrunner191
2010-07-09 14:53:59
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-06-22 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00

0.712 High

EPSS

Percentile

97.7%

JSON
Related for SSV:19853
packetstorm1exploitpack1prion1cve1veracode1securityvulns3mozilla1zdi1ubuntucve1exploitdb1nessus45openvas83redhat5oraclelinux4centos5ubuntu7debian3osv1fedora18suse2freebsd1gentoo1