what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2010-258

Posted Dec 20, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-258 - Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets rules. The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read. Various other vulnerabilities have been addressed in Mozilla Thunderbird.

tags | advisory, remote, arbitrary, vulnerability

systems | linux, windows, mandriva

advisories | CVE-2010-3768, CVE-2010-3769, CVE-2010-3776, CVE-2010-3777, CVE-2010-3778

SHA-256 | 8303cb81da50d3bd26721e1af3fad9224a8a40b7e910276b23d32824b24e111d

Download | Favorite | View

Related Files

No related files