High severity8.8NVD Advisory· Published Jul 30, 2010· Updated Jun 16, 2026
CVE-2010-2753
CVE-2010-2753
Description
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
19cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: >=3.5,<3.5.11
- (no CPE)range: <3.5.11, <3.6.7
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*range: <2.0.6
- (no CPE)range: <2.0.6
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*range: >=3.0,<3.0.6
- cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*
- (no CPE)range: <3.0.6, <3.1.1
cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:-:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*
- osv-coords3 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 2 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
- (no CPE)range: < 45.5.1-1.1
Patches
Vulnerability mechanics
References
7- bugzilla.mozilla.org/show_bug.cginvdExploitIssue Tracking
- lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.htmlnvdMailing ListThird Party Advisory
- www.mozilla.org/security/announce/2010/mfsa2010-40.htmlnvdVendor Advisory
- www.securityfocus.com/archive/1/512510nvdBroken LinkThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/41853nvdBroken LinkThird Party AdvisoryVDB Entry
- www.zerodayinitiative.com/advisories/ZDI-10-131/nvdThird Party AdvisoryVDB Entry
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10958nvdBroken Link
News mentions
0No linked articles in our index yet.