CVE-2010-3769
CVE-2010-3769
The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.htmlhttp://osvdb.org/69771https://bugzilla.mozilla.org/show_bug.cgi?id=608336http://secunia.com/advisories/42716http://secunia.com/advisories/42818https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12342http://www.debian.org/security/2010/dsa-2132http://www.mandriva.com/security/advisories?name=MDVSA-2010:251http://www.mandriva.com/security/advisories?name=MDVSA-2010:258http://www.mozilla.org/security/announce/2010/mfsa2010-75.html