CVE-2010-3769

HIGH

Description

The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read.

ID	Name	Product	Family	Severity
75735	openSUSE Security Update : seamonkey (seamonkey-3690)	Nessus	SuSE Local Security Checks	high
75672	openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3689)	Nessus	SuSE Local Security Checks	high
75662	openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3687)	Nessus	SuSE Local Security Checks	high
75649	openSUSE Security Update : MozillaFirefox (MozillaFirefox-3688)	Nessus	SuSE Local Security Checks	high
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
53797	openSUSE Security Update : seamonkey (seamonkey-3690)	Nessus	SuSE Local Security Checks	high
53776	openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3689)	Nessus	SuSE Local Security Checks	high
53773	openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3687)	Nessus	SuSE Local Security Checks	high
53769	openSUSE Security Update : MozillaFirefox (MozillaFirefox-3688)	Nessus	SuSE Local Security Checks	high
53688	openSUSE Security Update : seamonkey (seamonkey-3690)	Nessus	SuSE Local Security Checks	high
53684	openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3689)	Nessus	SuSE Local Security Checks	high
53683	openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3687)	Nessus	SuSE Local Security Checks	high
53682	openSUSE Security Update : MozillaFirefox (MozillaFirefox-3688)	Nessus	SuSE Local Security Checks	high
51627	SuSE 11.1 Security Update : Mozilla XULrunner (SAT Patch Number 3694)	Nessus	SuSE Local Security Checks	high
51591	SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 3693)	Nessus	SuSE Local Security Checks	high
51411	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7280)	Nessus	SuSE Local Security Checks	high
51362	Fedora 14 : seamonkey-2.0.11-1.fc14 (2010-18920)	Nessus	Fedora Local Security Checks	high
51361	Fedora 13 : seamonkey-2.0.11-1.fc13 (2010-18890)	Nessus	Fedora Local Security Checks	high
51353	Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:258)	Nessus	Mandriva Local Security Checks	high
51180	Debian DSA-2132-1 : xulrunner - several vulnerabilities	Nessus	Debian Local Security Checks	high
51132	FreeBSD : mozilla -- multiple vulnerabilities (1d8ff4a2-0445-11e0-8e32-000f20797ede)	Nessus	FreeBSD Local Security Checks	high
801367	Mozilla Thunderbird 3.0.x < 3.0.11 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
801351	Mozilla Firefox < 3.5.16 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801315	Mozilla Thunderbird 3.1.x < 3.1.7 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
801283	Mozilla SeaMonkey 2.0.x < 2.0.11 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
51124	SeaMonkey < 2.0.11 Multiple Vulnerabilities	Nessus	Windows	high
51123	Mozilla Thunderbird 3.1.x < 3.1.7 Multiple Vulnerabilities	Nessus	Windows	high
51122	Mozilla Thunderbird < 3.0.11 Multiple Vulnerabilities	Nessus	Windows	high
51121	Firefox 3.6 < 3.6.13 Multiple Vulnerabilities	Nessus	Windows	high
51120	Firefox < 3.5.16 Multiple Vulnerabilities	Nessus	Windows	high
51106	Mandriva Linux Security Advisory : firefox (MDVSA-2010:251-2)	Nessus	Mandriva Local Security Checks	high
5731	SeaMonkey 2.0.x < 2.0.11 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
5730	Mozilla Thunderbird 3.1.x < 3.1.7 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	medium
5729	Mozilla Thunderbird 3.0.x < 3.0.11 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	medium
5728	Mozilla Firefox < 3.5.16 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
801273	Mozilla Firefox 3.6.x < 3.6.13 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
5727	Mozilla Firefox 3.6.x < 3.6.13 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high

CVE-2010-3769

Description

References

Details

Risk Information

CVSS v2.0