VulnerableCode Vulnerability Details - VCID-3cum-vygx-wfae

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-3cum-vygx-wfae

Essentials
Severities (2)
References (11)
Severity details (1)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-3cum-vygx-wfae
Aliases	CVE-2010-2752
Summary	Security researcher J23 reported via TippingPoint's Zero Day Initiative that an array class used to store CSS values contained an integer overflow vulnerability. The 16 bit integer value used in allocating the size of the array could overflow, resulting in too small a memory buffer being created. When the array was later populated with CSS values data would be written past the end of the buffer potentially resulting in the execution of attacker-controlled memory.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-190

Integer Overflow or Wraparound

System	Score	Found at
epss	0.07986	https://api.first.org/data/v1/epss?cve=CVE-2010-2752
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2010-39

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2752.json
		https://api.first.org/data/v1/epss?cve=CVE-2010-2752
615464		https://bugzilla.redhat.com/show_bug.cgi?id=615464
CVE-2010-2752		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2752
CVE-2010-2752	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/15104.py
GLSA-201301-01		https://security.gentoo.org/glsa/201301-01
mfsa2010-39		https://www.mozilla.org/en-US/security/advisories/mfsa2010-39
RHSA-2010:0547		https://access.redhat.com/errata/RHSA-2010:0547
USN-930-4		https://usn.ubuntu.com/930-4/
USN-957-1		https://usn.ubuntu.com/957-1/
USN-958-1		https://usn.ubuntu.com/958-1/

Data source	Exploit-DB
Date added	Sept. 25, 2010
Description	Mozilla Firefox CSS - font-face Remote Code Execution
Ransomware campaign use	Known
Source publication date	Sept. 25, 2010
Exploit type	dos
Platform	windows
Source update date	Sept. 25, 2010

Exploit Prediction Scoring System (EPSS)

Percentile	0.92207
EPSS Score	0.07986
Published At	May 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T08:27:18.421066+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2010/mfsa2010-39.md	38.6.0