CVE-2010-2753

NameCVE-2010-2753
DescriptionInteger overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2075-1

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceapesourcelenny(not affected)
iceapesource(unstable)2.0.6-1
icedovesourcelenny(unfixed)end-of-life
icedovesource(unstable)3.0.6-1
iceweaselsourcelenny(not affected)
iceweaselsource(unstable)3.5.11-2
xulrunnersourcelenny1.9.0.19-3DSA-2075-1
xulrunnersource(unstable)1.9.1.11-1

Notes

[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
[lenny] - iceape <not-affected> (Only a stub package)
Search for package or bug name: Reporting problems