High severity8.8NVD Advisory· Published Jul 30, 2010· Updated Apr 29, 2026
CVE-2010-2753
CVE-2010-2753
Description
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.
Affected products
13cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*range: >=3.0,<3.0.6
- cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:-:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- bugzilla.mozilla.org/show_bug.cginvdExploitIssue Tracking
- lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.htmlnvdMailing ListThird Party Advisory
- www.mozilla.org/security/announce/2010/mfsa2010-40.htmlnvdVendor Advisory
- www.securityfocus.com/archive/1/512510nvdBroken LinkThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/41853nvdBroken LinkThird Party AdvisoryVDB Entry
- www.zerodayinitiative.com/advisories/ZDI-10-131/nvdThird Party AdvisoryVDB Entry
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10958nvdBroken Link
News mentions
0No linked articles in our index yet.