Unrated severityNVD Advisory· Published Jul 30, 2010· Updated Jun 16, 2026
CVE-2010-2755
CVE-2010-2755
Description
layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*
- (no CPE)range: =3.6.7
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.