Rapid7 Vulnerability & Exploit Database

MFSA2010-50 Thunderbird: Frameset integer overflow vulnerability (CVE-2010-2765)

Back to Search

MFSA2010-50 Thunderbird: Frameset integer overflow vulnerability (CVE-2010-2765)

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

09/09/2010

Created

07/25/2018

Added

02/22/2012

Modified

02/13/2015

Description

Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow.

Solution(s)

mozilla-thunderbird-upgrade-3_0_7
mozilla-thunderbird-upgrade-3_1_3

References

https://attackerkb.com/topics/cve-2010-2765
43095
CVE - 2010-2765
DSA-2106
OVAL11519
SUSE-SA:2010:049
http://www.mozilla.org/security/announce/2010/mfsa2010-50.html

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

MFSA2010-50 Thunderbird: Frameset integer overflow vulnerability (CVE-2010-2765)