Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
Astra Linux SE 1.5
Astra Linux SE 1.6
Astra Linux SE 1.7
Astra Linux SE 1.8
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:ru.altx-soft.nix:def:1782
[Eng]
Version
5
Class
patch
ALTXid
40300
Language
Russian
Severity
Critical
Title
Обновление RHSA-2010:0966: устранение уязвимостей в firefox
Description
Multiple security issues were fixed in this update.
Family
unix
Platform
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product
firefox
xulrunner
Reference
VENDOR: RHSA-2010:0966-01
VENDOR: RHSA-2010:0966-01
Id:
RHSA-2010:0966-01
Reference:
https://rhn.redhat.com/errata/RHSA-2010-0966.html
CVE: CVE-2010-3766
CVE: CVE-2010-3766
Id:
CVE-2010-3766
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3766
Comment
: Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to an nsDOMAttribute node.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
https://bugzilla.mozilla.org/show_bug.cgi?id=590771 (CONFIRM)
http://www.mozilla.org/security/announce/2010/mfsa2010-80.html (CONFIRM)
FEDORA-2010-18773 (FEDORA)
FEDORA-2010-18920 (FEDORA)
45326 (BID)
http://www.zerodayinitiative.com/advisories/ZDI-10-264/ (MISC)
RHSA-2010:0966 (REDHAT)
http://support.avaya.com/css/P8/documents/100124650 (CONFIRM)
FEDORA-2010-18890 (FEDORA)
USN-1019-1 (UBUNTU)
FEDORA-2010-18775 (FEDORA)
42716 (SECUNIA)
1024848 (SECTRACK)
SUSE-SA:2011:003 (SUSE)
ADV-2011-0030 (VUPEN)
42818 (SECUNIA)
MDVSA-2010:251 (MANDRIVA)
oval:org.mitre.oval:def:12649 (OVAL)
CVE: CVE-2010-3767
CVE: CVE-2010-3767
Id:
CVE-2010-3767
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3767
Comment
: Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via a JavaScript array with many elements.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
189 (Numeric Errors)
References:
http://www.mozilla.org/security/announce/2010/mfsa2010-81.html (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=599468 (CONFIRM)
RHSA-2010:0968 (REDHAT)
1024848 (SECTRACK)
DSA-2132 (DEBIAN)
FEDORA-2010-18775 (FEDORA)
RHSA-2010:0966 (REDHAT)
RHSA-2010:0967 (REDHAT)
FEDORA-2010-18773 (FEDORA)
USN-1019-1 (UBUNTU)
http://support.avaya.com/css/P8/documents/100124650 (CONFIRM)
FEDORA-2010-18920 (FEDORA)
FEDORA-2010-18890 (FEDORA)
42716 (SECUNIA)
SUSE-SA:2011:003 (SUSE)
42818 (SECUNIA)
ADV-2011-0030 (VUPEN)
MDVSA-2010:251 (MANDRIVA)
oval:org.mitre.oval:def:12610 (OVAL)
CVE: CVE-2010-3768
CVE: CVE-2010-3768
Id:
CVE-2010-3768
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3768
Comment
: Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
20 (Improper Input Validation)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=660420 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=527276 (CONFIRM)
http://www.mozilla.org/security/announce/2010/mfsa2010-78.html (CONFIRM)
FEDORA-2010-18890 (FEDORA)
USN-1019-1 (UBUNTU)
FEDORA-2010-18920 (FEDORA)
1024848 (SECTRACK)
USN-1020-1 (UBUNTU)
RHSA-2010:0966 (REDHAT)
42716 (SECUNIA)
FEDORA-2010-18777 (FEDORA)
1024846 (SECTRACK)
FEDORA-2010-18773 (FEDORA)
RHSA-2010:0969 (REDHAT)
FEDORA-2010-18778 (FEDORA)
FEDORA-2010-18775 (FEDORA)
http://support.avaya.com/css/P8/documents/100124650 (CONFIRM)
SUSE-SA:2011:003 (SUSE)
ADV-2011-0030 (VUPEN)
42818 (SECUNIA)
45352 (BID)
MDVSA-2010:251 (MANDRIVA)
MDVSA-2010:258 (MANDRIVA)
oval:org.mitre.oval:def:12533 (OVAL)
CVE: CVE-2010-3770
CVE: CVE-2010-3770
Id:
CVE-2010-3770
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3770
Comment
: Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
https://bugzilla.mozilla.org/show_bug.cgi?id=601429 (CONFIRM)
http://www.mozilla.org/security/announce/2010/mfsa2010-84.html (CONFIRM)
45353 (BID)
1024851 (SECTRACK)
DSA-2132 (DEBIAN)
FEDORA-2010-18920 (FEDORA)
42716 (SECUNIA)
FEDORA-2010-18775 (FEDORA)
RHSA-2010:0966 (REDHAT)
FEDORA-2010-18890 (FEDORA)
FEDORA-2010-18773 (FEDORA)
USN-1019-1 (UBUNTU)
http://support.avaya.com/css/P8/documents/100124650 (CONFIRM)
SUSE-SA:2011:003 (SUSE)
ADV-2011-0030 (VUPEN)
42818 (SECUNIA)
MDVSA-2010:251 (MANDRIVA)
oval:org.mitre.oval:def:12348 (OVAL)
CVE: CVE-2010-3771
CVE: CVE-2010-3771
Id:
CVE-2010-3771
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3771
Comment
: Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to redirection to a chrome: URI.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
http://www.mozilla.org/security/announce/2010/mfsa2010-76.html (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=609437 (CONFIRM)
45346 (BID)
RHSA-2010:0966 (REDHAT)
FEDORA-2010-18775 (FEDORA)
DSA-2132 (DEBIAN)
FEDORA-2010-18773 (FEDORA)
http://support.avaya.com/css/P8/documents/100124650 (CONFIRM)
FEDORA-2010-18890 (FEDORA)
USN-1019-1 (UBUNTU)
42716 (SECUNIA)
1024848 (SECTRACK)
FEDORA-2010-18920 (FEDORA)
SUSE-SA:2011:003 (SUSE)
ADV-2011-0030 (VUPEN)
42818 (SECUNIA)
MDVSA-2010:251 (MANDRIVA)
oval:org.mitre.oval:def:12343 (OVAL)
CVE: CVE-2010-3772
CVE: CVE-2010-3772
Id:
CVE-2010-3772
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3772
Comment
: Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly calculate index values for certain child content in a XUL tree, which allows remote attackers to execute arbitrary code via vectors involving a DIV element within a treechildren element.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
189 (Numeric Errors)
References:
https://bugzilla.mozilla.org/show_bug.cgi?id=594547 (CONFIRM)
http://www.mozilla.org/security/announce/2010/mfsa2010-77.html (CONFIRM)
45351 (BID)
RHSA-2010:0968 (REDHAT)
FEDORA-2010-18773 (FEDORA)
42716 (SECUNIA)
USN-1019-1 (UBUNTU)
FEDORA-2010-18890 (FEDORA)
RHSA-2010:0967 (REDHAT)
FEDORA-2010-18920 (FEDORA)
http://support.avaya.com/css/P8/documents/100124650 (CONFIRM)
FEDORA-2010-18775 (FEDORA)
RHSA-2010:0966 (REDHAT)
1024848 (SECTRACK)
DSA-2132 (DEBIAN)
SUSE-SA:2011:003 (SUSE)
ADV-2011-0030 (VUPEN)
MDVSA-2010:251 (MANDRIVA)
42818 (SECUNIA)
oval:org.mitre.oval:def:12324 (OVAL)
CVE: CVE-2010-3773
CVE: CVE-2010-3773
Id:
CVE-2010-3773
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3773
Comment
: Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
http://www.mozilla.org/security/announce/2010/mfsa2010-82.html (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=554449 (CONFIRM)
FEDORA-2010-18890 (FEDORA)
RHSA-2010:0966 (REDHAT)
USN-1019-1 (UBUNTU)
DSA-2132 (DEBIAN)
FEDORA-2010-18920 (FEDORA)
FEDORA-2010-18773 (FEDORA)
FEDORA-2010-18775 (FEDORA)
42716 (SECUNIA)
http://support.avaya.com/css/P8/documents/100124650 (CONFIRM)
SUSE-SA:2011:003 (SUSE)
ADV-2011-0030 (VUPEN)
MDVSA-2010:251 (MANDRIVA)
42818 (SECUNIA)
45354 (BID)
oval:org.mitre.oval:def:11960 (OVAL)
CVE: CVE-2010-3774
CVE: CVE-2010-3774
Id:
CVE-2010-3774
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3774
Comment
: The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterror and (2) about:certerror pages, which allows remote attackers to spoof the location bar via a crafted web site.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
20 (Improper Input Validation)
References:
https://bugzilla.mozilla.org/show_bug.cgi?id=602780 (CONFIRM)
http://www.mozilla.org/security/announce/2010/mfsa2010-83.html (CONFIRM)
1024850 (SECTRACK)
USN-1019-1 (UBUNTU)
42716 (SECUNIA)
FEDORA-2010-18890 (FEDORA)
FEDORA-2010-18773 (FEDORA)
FEDORA-2010-18920 (FEDORA)
RHSA-2010:0966 (REDHAT)
FEDORA-2010-18775 (FEDORA)
http://support.avaya.com/css/P8/documents/100124650 (CONFIRM)
SUSE-SA:2011:003 (SUSE)
MDVSA-2010:251 (MANDRIVA)
ADV-2011-0030 (VUPEN)
42818 (SECUNIA)
oval:org.mitre.oval:def:12512 (OVAL)
CVE: CVE-2010-3775
CVE: CVE-2010-3775
Id:
CVE-2010-3775
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3775
Comment
: Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
CWE-Other ()
References:
https://bugzilla.mozilla.org/show_bug.cgi?id=610525 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=611897 (CONFIRM)
http://www.mozilla.org/security/announce/2010/mfsa2010-79.html (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=589041 (CONFIRM)
45355 (BID)
42716 (SECUNIA)
FEDORA-2010-18773 (FEDORA)
http://support.avaya.com/css/P8/documents/100124650 (CONFIRM)
1024848 (SECTRACK)
RHSA-2010:0966 (REDHAT)
RHSA-2010:0967 (REDHAT)
DSA-2132 (DEBIAN)
FEDORA-2010-18890 (FEDORA)
USN-1019-1 (UBUNTU)
FEDORA-2010-18920 (FEDORA)
FEDORA-2010-18775 (FEDORA)
SUSE-SA:2011:003 (SUSE)
ADV-2011-0030 (VUPEN)
42818 (SECUNIA)
MDVSA-2010:251 (MANDRIVA)
oval:org.mitre.oval:def:11666 (OVAL)
CVE: CVE-2010-3776
CVE: CVE-2010-3776
Id:
CVE-2010-3776
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3776
Comment
: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://bugzilla.mozilla.org/show_bug.cgi?id=569162 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=571995 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=601699 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=599166 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=604843 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=468563 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=605307 (CONFIRM)
http://www.mozilla.org/security/announce/2010/mfsa2010-74.html (CONFIRM)
45347 (BID)
FEDORA-2010-18775 (FEDORA)
DSA-2132 (DEBIAN)
1024848 (SECTRACK)
1024846 (SECTRACK)
RHSA-2010:0969 (REDHAT)
http://support.avaya.com/css/P8/documents/100124650 (CONFIRM)
USN-1019-1 (UBUNTU)
FEDORA-2010-18778 (FEDORA)
42716 (SECUNIA)
USN-1020-1 (UBUNTU)
FEDORA-2010-18773 (FEDORA)
FEDORA-2010-18777 (FEDORA)
FEDORA-2010-18890 (FEDORA)
FEDORA-2010-18920 (FEDORA)
RHSA-2010:0968 (REDHAT)
RHSA-2010:0967 (REDHAT)
RHSA-2010:0966 (REDHAT)
SUSE-SA:2011:003 (SUSE)
ADV-2011-0030 (VUPEN)
MDVSA-2010:251 (MANDRIVA)
42818 (SECUNIA)
MDVSA-2010:258 (MANDRIVA)
oval:org.mitre.oval:def:12389 (OVAL)
CVE: CVE-2010-3777
CVE: CVE-2010-3777
Id:
CVE-2010-3777
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3777
Comment
: Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://www.mozilla.org/security/announce/2010/mfsa2010-74.html (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=599607 (CONFIRM)
45348 (BID)
FEDORA-2010-18775 (FEDORA)
1024846 (SECTRACK)
1024848 (SECTRACK)
USN-1020-1 (UBUNTU)
42716 (SECUNIA)
FEDORA-2010-18773 (FEDORA)
RHSA-2010:0969 (REDHAT)
RHSA-2010:0966 (REDHAT)
http://support.avaya.com/css/P8/documents/100124650 (CONFIRM)
FEDORA-2010-18920 (FEDORA)
USN-1019-1 (UBUNTU)
FEDORA-2010-18778 (FEDORA)
FEDORA-2010-18777 (FEDORA)
FEDORA-2010-18890 (FEDORA)
SUSE-SA:2011:003 (SUSE)
MDVSA-2010:251 (MANDRIVA)
ADV-2011-0030 (VUPEN)
42818 (SECUNIA)
MDVSA-2010:258 (MANDRIVA)
oval:org.mitre.oval:def:12468 (OVAL)
Content available only for registered users!
ovaldb@altx-soft.com