CVE-2010-2765 | Ubuntu

Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
firefox	11.04 natty	Fixed 3.6.9+build1+nobinonly-0ubuntu1
	10.10 maverick	Fixed 3.6.9+build1+nobinonly-0ubuntu1
	10.04 LTS lucid	Fixed 3.6.9+build1+nobinonly-0ubuntu0.10.04.1
	9.10 karmic	Not in release
	9.04 jaunty	Not in release
	8.04 LTS hardy	Ignored end of life
	6.06 LTS dapper	Ignored end of life
firefox-3.0	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	9.04 jaunty	Fixed 3.6.9+build1+nobinonly-0ubuntu0.9.04.1
	8.04 LTS hardy	Fixed 3.6.9+build1+nobinonly-0ubuntu0.8.04.1
	6.06 LTS dapper	Not in release
firefox-3.5	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Fixed 3.6.9+build1+nobinonly-0ubuntu0.9.10.2
	9.04 jaunty	Fixed 3.5.12+build1+nobinonly-0ubuntu0.9.04.1
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
seamonkey	11.04 natty	Fixed 2.0.7+build1+nobinonly-0ubuntu1
	10.10 maverick	Fixed 2.0.7+build1+nobinonly-0ubuntu1
	10.04 LTS lucid	Fixed 2.0.7+build1+nobinonly-0ubuntu0.10.04.1
	9.10 karmic	Fixed 2.0.8+build1+nobinonly-0ubuntu0.9.10.1
	9.04 jaunty	Fixed 2.0.8+build1+nobinonly-0ubuntu0.9.04.1
	8.04 LTS hardy	Fixed 2.0.8+build1+nobinonly-0ubuntu0.8.04.1
	6.06 LTS dapper	Not in release
thunderbird	11.04 natty	Fixed 3.1.3+build1+nobinonly-0ubuntu1
	10.10 maverick	Fixed 3.1.3+build1+nobinonly-0ubuntu1
	10.04 LTS lucid	Fixed 3.0.7+build1+nobinonly-0ubuntu0.10.04.1
	9.10 karmic	Ignored end of life
	9.04 jaunty	Ignored end of life
	8.04 LTS hardy	Ignored end of life
	6.06 LTS dapper	Not in release
xulrunner-1.9.1	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Fixed 1.9.1.12+build1+nobinonly-0ubuntu0.9.10.2
	9.04 jaunty	Fixed 1.9.1.12+build1+nobinonly-0ubuntu0.9.04.1
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
xulrunner-1.9.2	11.04 natty	Fixed 1.9.2.9+build1+nobinonly-0ubuntu1
	10.10 maverick	Fixed 1.9.2.9+build1+nobinonly-0ubuntu1
	10.04 LTS lucid	Fixed 1.9.2.9+build1+nobinonly-0ubuntu0.10.04.1
	9.10 karmic	Fixed 1.9.2.9+build1+nobinonly-0ubuntu0.9.10.1
	9.04 jaunty	Fixed 1.9.2.9+build1+nobinonly-0ubuntu0.9.04.1
	8.04 LTS hardy	Fixed 1.9.2.9+build1+nobinonly-0ubuntu0.8.04.1
	6.06 LTS dapper	Not in release

Notes

jdstrand

CVEs in Firefox are tracked in the xulrunner source packages for builds that use the system xulrunner, and firefox source packages for those that use a static build xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS (system xul) xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS (system xul) xulrunner-1.9: (ignored) reverse dependencies no longer process web content xulrunner-1.9.1: (ignored) reverese dependencies no longer process web content xulrunner-1.9.2: system xul for reverese dependencies that process web content firefox: Ubuntu 6.06 LTS (static build) firefox: Ubuntu 10.04 LTS and higher (static build of 3.6.x or higher) firefox-3.0: Ubuntu 8.04 LTS, 9.04 (static build of 3.6.x) firefox-3.5: Ubuntu 9.04 (ignored, uses system xul 1.9.1. Use 3.0 instead) firefox-3.5: Ubuntu 9.10 (static build of 3.6.x)

References

Related Ubuntu Security Notices (USN)

USN-975-1
Firefox and Xulrunner vulnerabilities
8 September 2010

USN-978-1
Thunderbird vulnerabilities
8 September 2010

Other references

https://www.cve.org/CVERecord?id=CVE-2010-2765