CVE-2010-3769
CVE-2010-3769
The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read.
Productos afectados
n/a · n/a¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.htmlhttp://osvdb.org/69771https://bugzilla.mozilla.org/show_bug.cgi?id=608336http://secunia.com/advisories/42716http://secunia.com/advisories/42818https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12342http://www.debian.org/security/2010/dsa-2132http://www.mandriva.com/security/advisories?name=MDVSA-2010:251http://www.mandriva.com/security/advisories?name=MDVSA-2010:258http://www.mozilla.org/security/announce/2010/mfsa2010-75.html