[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-3769Date: (C)2010-12-10   (M)2024-03-27


The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1024846
SECTRACK-1024848
SECUNIA-42716
SECUNIA-42818
BID-45345
OSVDB-69771
ADV-2011-0030
DSA-2132
FEDORA-2010-18890
FEDORA-2010-18920
MDVSA-2010:251
MDVSA-2010:258
SUSE-SA:2011:003
http://www.mozilla.org/security/announce/2010/mfsa2010-75.html
https://bugzilla.mozilla.org/show_bug.cgi?id=608336
oval:org.mitre.oval:def:12342

CPE    252
cpe:/a:mozilla:firefox:1.5:beta2
cpe:/a:mozilla:firefox:1.5:beta1
cpe:/a:mozilla:thunderbird:1.0
cpe:/a:mozilla:thunderbird:1.5
...
CWE    1
CWE-119
OVAL    7
oval:org.secpod.oval:def:300258
oval:org.secpod.oval:def:300201
oval:org.secpod.oval:def:400011
oval:org.secpod.oval:def:300361
...

© SecPod Technologies