Published: 10/12/2010 Updated: 19/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Integer overflow in the NewIdArray function in Mozilla Firefox prior to 3.5.16 and 3.6.x prior to 3.6.13, and SeaMonkey prior to 2.0.11, allows remote malicious users to execute arbitrary code via a JavaScript array with many elements.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 3.6
mozilla firefox 3.6.8
mozilla firefox 3.6.2
mozilla firefox 3.6.10
mozilla firefox 3.6.9
mozilla firefox 3.6.3
mozilla firefox 3.6.4
mozilla firefox 3.6.11
mozilla firefox 3.6.12
mozilla firefox 3.6.6
mozilla firefox 3.6.7
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.2
mozilla seamonkey 1.1
mozilla seamonkey 1.1.1
mozilla seamonkey 1.1.14
mozilla seamonkey 1.1.15
mozilla seamonkey 1.1.4
mozilla seamonkey 1.1.5
mozilla seamonkey 1.0.3
mozilla seamonkey 1.0.4
mozilla seamonkey 1.0.5
mozilla seamonkey 1.1.10
mozilla seamonkey 1.0
mozilla seamonkey 1.1.16
mozilla seamonkey 1.1.17
mozilla seamonkey 1.1.7
mozilla seamonkey 1.1.8
mozilla seamonkey 2.0
mozilla seamonkey 2.0.1
mozilla seamonkey 2.0.10
mozilla seamonkey 1.0.6
mozilla seamonkey 1.0.7
mozilla seamonkey 1.1.11
mozilla seamonkey 1.1.18
mozilla seamonkey 1.1.19
mozilla seamonkey 1.1.9
mozilla seamonkey 2.0.2
mozilla seamonkey 2.0.3
mozilla seamonkey 1.1.6
mozilla seamonkey 1.5.0.8
mozilla seamonkey 1.5.0.9
mozilla seamonkey 2.0.8
mozilla seamonkey 2.0.9
mozilla seamonkey 1.0.8
mozilla seamonkey 1.0.9
mozilla seamonkey 1.1.12
mozilla seamonkey 1.1.13
mozilla seamonkey 1.1.2
mozilla seamonkey 1.1.3
mozilla seamonkey 1.5.0.10
mozilla seamonkey 2.0.4
mozilla seamonkey 2.0.5
mozilla seamonkey 2.0.6
mozilla seamonkey 2.0.7
mozilla firefox 3.5.7
mozilla firefox 3.5.10
mozilla firefox 3.0.14
mozilla firefox 3.0.13
mozilla firefox 3.0.5
mozilla firefox 3.0.4
mozilla firefox 2.0.0.19
mozilla firefox 2.0.0.20
mozilla firefox 2.0.0.15
mozilla firefox 2.0.0.13
mozilla firefox 2.0.0.7
mozilla firefox 2.0.0.2
mozilla firefox 2.0.0.1
mozilla firefox 1.5.0.12
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.8
mozilla firefox 1.5.0.9
mozilla firefox 1.5.0.6
mozilla firefox 1.0.1
mozilla firefox 1.0
mozilla firefox 1.0.8
mozilla firefox 3.5.1
mozilla firefox 3.5.2
mozilla firefox 3.5.9
mozilla firefox 3.5.8
mozilla firefox 3.0.12
mozilla firefox 3.0.11
mozilla firefox 3.0.10
mozilla firefox 3.0.3
mozilla firefox 3.0.2
mozilla firefox 2.0.0.8
mozilla firefox 2.0.0.9
mozilla firefox 2.0
mozilla firefox 2.0.0.18
mozilla firefox 1.5
mozilla firefox 1.5.0.4
mozilla firefox 1.5.0.10
mozilla firefox 1.5.0.7
mozilla firefox 1.0.3
mozilla firefox 1.0.2
mozilla firefox 3.5.11
mozilla firefox 3.5.12
mozilla firefox 3.5.5
mozilla firefox 3.5.6
mozilla firefox 3.0.16
mozilla firefox 3.0.15
mozilla firefox 3.0.7
mozilla firefox 3.0.6
mozilla firefox 2.0.0.14
mozilla firefox 2.0.0.12
mozilla firefox 2.0.0.16
mozilla firefox 2.0.0.11
mozilla firefox 2.0.0.4
mozilla firefox 2.0.0.3
mozilla firefox 1.5.0.3
mozilla firefox 1.5.0.11
mozilla firefox 1.5.1
mozilla firefox 1.5.2
mozilla firefox 1.5.6
mozilla firefox 1.5.5
mozilla firefox 1.0.7
mozilla firefox 1.0.6
mozilla firefox
mozilla firefox 3.5.3
mozilla firefox 3.5.4
mozilla firefox 3.5
mozilla firefox 3.0.17
mozilla firefox 3.0.9
mozilla firefox 3.0.8
mozilla firefox 3.0.1
mozilla firefox 3.0
mozilla firefox 2.0.0.17
mozilla firefox 2.0.0.10
mozilla firefox 2.0.0.6
mozilla firefox 2.0.0.5
mozilla firefox 1.5.0.5
mozilla firefox 1.5.0.2
mozilla firefox 1.5.3
mozilla firefox 1.5.4
mozilla firefox 1.5.8
mozilla firefox 1.5.7
mozilla firefox 1.0.5
mozilla firefox 1.0.4
mozilla firefox 3.5.13
mozilla firefox 3.5.14

Firefox could be made to crash or run programs as your login if it opened a specially crafted website ...

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications The Common Vulnerabilities and Exposures project identifies the following problems: For the stable distribution (lenny), these problems have been fixed in version 19019-7 For the upcoming stable version (squeeze) and the unstable distri ...

Mozilla Foundation Security Advisory 2010-81 Integer overflow vulnerability in NewIdArray Announced December 9, 2010 Reporter regenrecht Impact Critical Products Firefox, SeaMonkey Fixed in ...

CWE-189 http://www.mozilla.org/security/announce/2010/mfsa2010-81.html https://bugzilla.mozilla.org/show_bug.cgi?id=599468 http://www.redhat.com/support/errata/RHSA-2010-0968.html http://www.securitytracker.com/id?1024848 http://www.debian.org/security/2010/dsa-2132 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html http://www.redhat.com/support/errata/RHSA-2010-0966.html http://www.redhat.com/support/errata/RHSA-2010-0967.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html http://www.ubuntu.com/usn/USN-1019-1 http://support.avaya.com/css/P8/documents/100124650 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html http://secunia.com/advisories/42716 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html http://secunia.com/advisories/42818 http://www.vupen.com/english/advisories/2011/0030 http://www.mandriva.com/security/advisories?name=MDVSA-2010:251 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12610 https://usn.ubuntu.com/1019-1/https://nvd.nist.gov

Get Started

CVE-2010-3767

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect