1
PublicDateAtUSN: 2010-07-23
2
Candidate: CVE-2010-2752
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2752
6
https://usn.ubuntu.com/usn/usn-930-4
7
https://usn.ubuntu.com/usn/usn-957-1
8
https://usn.ubuntu.com/usn/usn-958-1
10
Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11
11
and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before
12
3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute
13
arbitrary code by placing many Cascading Style Sheets (CSS) values in an
14
array, related to references to external font resources and an
15
inconsistency between 16-bit and 32-bit integers.
18
jdstrand> CVEs in Firefox are tracked in the xulrunner source packages for
19
builds that use the system xulrunner, and firefox source packages for those
20
that use a static build
21
xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS (system xul)
22
xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS (system xul)
23
xulrunner-1.9: (ignored) reverse dependencies no longer process web content
24
xulrunner-1.9.1: (ignored) reverese dependencies no longer process web content
25
xulrunner-1.9.2: system xul for reverese dependencies that process web content
26
firefox: Ubuntu 6.06 LTS (static build)
27
firefox: Ubuntu 10.04 LTS and higher (static build of 3.6.x or higher)
28
firefox-3.0: Ubuntu 8.04 LTS, 9.04 (static build of 3.6.x)
29
firefox-3.5: Ubuntu 9.04 (ignored, uses system xul 1.9.1. Use 3.0 instead)
30
firefox-3.5: Ubuntu 9.10 (static build of 3.6.x)
34
Assigned-to: chriscoulson
37
upstream_firefox: needs-triage
38
dapper_firefox: ignored (reached end-of-life)
39
hardy_firefox: ignored (uses system xulrunner)
42
lucid_firefox: released (3.6.7+build2+nobinonly-0ubuntu0.10.04.1)
43
maverick_firefox: released (3.6.7+build2+nobinonly-0ubuntu1)
44
natty_firefox: released (3.6.7+build2+nobinonly-0ubuntu1)
45
devel_firefox: released (3.6.7+build2+nobinonly-0ubuntu1)
48
upstream_firefox-3.0: needs-triage (Ubuntu source uses 3.6.x)
49
dapper_firefox-3.0: DNE
50
hardy_firefox-3.0: released (3.6.7+build2+nobinonly-0ubuntu0.8.04.1)
51
jaunty_firefox-3.0: released (3.6.7+build2+nobinonly-0ubuntu0.9.04.1)
52
karmic_firefox-3.0: DNE
53
lucid_firefox-3.0: DNE
54
maverick_firefox-3.0: DNE
55
natty_firefox-3.0: DNE
56
devel_firefox-3.0: DNE
59
upstream_firefox-3.5: needs-triage (Ubuntu source uses 3.6.x)
60
dapper_firefox-3.5: DNE
61
hardy_firefox-3.5: DNE
62
jaunty_firefox-3.5: ignored
63
karmic_firefox-3.5: released (3.6.7+build2+nobinonly-0ubuntu0.9.10.1)
64
lucid_firefox-3.5: DNE
65
maverick_firefox-3.5: DNE
66
natty_firefox-3.5: DNE
67
devel_firefox-3.5: DNE
70
Patches_xulrunner-1.9.2:
71
upstream_xulrunner-1.9.2: needs-triage
72
dapper_xulrunner-1.9.2: DNE
73
hardy_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2)
74
jaunty_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2)
75
karmic_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2)
76
lucid_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1)
77
maverick_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu1)
78
natty_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu1)
79
devel_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu1)
82
Priority_thunderbird: low
83
upstream_thunderbird: released (3.0.6)
84
dapper_thunderbird: DNE
85
hardy_thunderbird: ignored (reached end-of-life)
86
jaunty_thunderbird: ignored (reached end-of-life)
87
karmic_thunderbird: ignored (reached end-of-life)
88
lucid_thunderbird: released (3.0.6+build2+nobinonly-0ubuntu0.10.04.1)
89
maverick_thunderbird: released (3.1.3+build1+nobinonly-0ubuntu1)
90
natty_thunderbird: released (3.1.3+build1+nobinonly-0ubuntu1)
91
devel_thunderbird: released (3.1.3+build1+nobinonly-0ubuntu1)