VulnerableCode Vulnerability Details - VCID-depk-81ux-wua9

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-depk-81ux-wua9

Essentials
Severities (2)
References (11)
Severity details (1)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-depk-81ux-wua9
Aliases	CVE-2010-1196
Summary	Security researcher Nils of MWR InfoSecurity reported that the routine for setting the text value for certain types of DOM nodes contained an integer overflow vulnerability. When a very long string was passed to this routine, the integer value used in creating a new memory buffer to hold the string would overflow, resulting in too small a buffer being allocated. An attacker could use this vulnerability to write data past the end of the buffer, causing a crash and potentially running arbitrary code on a victim's computer.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-122

Heap-based Buffer Overflow

System	Score	Found at
epss	0.05226	https://api.first.org/data/v1/epss?cve=CVE-2010-1196
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2010-29

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1196.json
		https://api.first.org/data/v1/epss?cve=CVE-2010-1196
590830		https://bugzilla.redhat.com/show_bug.cgi?id=590830
CVE-2010-1196		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1196
GLSA-201301-01		https://security.gentoo.org/glsa/201301-01
mfsa2010-29		https://www.mozilla.org/en-US/security/advisories/mfsa2010-29
RHSA-2010:0500		https://access.redhat.com/errata/RHSA-2010:0500
RHSA-2010:0501		https://access.redhat.com/errata/RHSA-2010:0501
USN-930-1		https://usn.ubuntu.com/930-1/
USN-930-4		https://usn.ubuntu.com/930-4/
USN-943-1		https://usn.ubuntu.com/943-1/

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.90094
EPSS Score	0.05226
Published At	May 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T08:27:15.598310+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2010/mfsa2010-29.md	38.6.0