CVE-2010-1199 Information
Description
Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.
Reference
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html
http://secunia.com/advisories/40323
http://secunia.com/advisories/40326
http://secunia.com/advisories/40401
http://secunia.com/advisories/40481
http://support.avaya.com/css/P8/documents/100091069
http://ubuntu.com/usn/usn-930-1
http://www.exploit-db.com/exploits/14949
http://www.mandriva.com/security/advisories?name=MDVSA-2010:125
http://www.mozilla.org/security/announce/2010/mfsa2010-30.html
http://www.redhat.com/support/errata/RHSA-2010-0499.html
http://www.redhat.com/support/errata/RHSA-2010-0500.html
http://www.redhat.com/support/errata/RHSA-2010-0501.html
http://www.securityfocus.com/archive/1/511972/100/0/threaded
http://www.securityfocus.com/bid/41050
http://www.securityfocus.com/bid/41082
http://www.securitytracker.com/id?1024138
http://www.securitytracker.com/id?1024139
http://www.ubuntu.com/usn/usn-930-2
http://www.vupen.com/english/advisories/2010/1551
http://www.vupen.com/english/advisories/2010/1556
http://www.vupen.com/english/advisories/2010/1557
http://www.vupen.com/english/advisories/2010/1592
http://www.vupen.com/english/advisories/2010/1640
http://www.vupen.com/english/advisories/2010/1773
http://www.zerodayinitiative.com/advisories/ZDI-10-113
https://bugzilla.mozilla.org/show_bug.cgi?id=554255
https://exchange.xforce.ibmcloud.com/vulnerabilities/59666
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10885
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A13287