cvelistv5 - cve-2010-3768

CVE-2010-3768 (GCVE-0-2010-3768)

Vulnerability from cvelistv5

Published

2010-12-10 18:00

Modified

2024-08-07 03:18

Severity ?

CWE

Summary

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules.

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html	vendor-advisory, x_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html	vendor-advisory, x_refsource_FEDORA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12533	vdb-entry, signature, x_refsource_OVAL
	http://www.mandriva.com/security/advisories?name=MDVSA-2010:258	vendor-advisory, x_refsource_MANDRIVA
	http://www.mandriva.com/security/advisories?name=MDVSA-2010:251	vendor-advisory, x_refsource_MANDRIVA
	http://support.avaya.com/css/P8/documents/100124650	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0966.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/45352	vdb-entry, x_refsource_BID
	http://www.ubuntu.com/usn/USN-1019-1	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=660420	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0969.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/42818	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1024846	vdb-entry, x_refsource_SECTRACK
	http://www.mozilla.org/security/announce/2010/mfsa2010-78.html	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052220.html	vendor-advisory, x_refsource_FEDORA
	https://bugzilla.mozilla.org/show_bug.cgi?id=527276	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1024848	vdb-entry, x_refsource_SECTRACK
	http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2011/0030	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/42716	third-party-advisory, x_refsource_SECUNIA
	http://www.ubuntu.com/usn/USN-1020-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:18:53.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SA:2011:003",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html"
          },
          {
            "name": "FEDORA-2010-18775",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html"
          },
          {
            "name": "oval:org.mitre.oval:def:12533",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12533"
          },
          {
            "name": "MDVSA-2010:258",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:258"
          },
          {
            "name": "MDVSA-2010:251",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100124650"
          },
          {
            "name": "RHSA-2010:0966",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0966.html"
          },
          {
            "name": "45352",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45352"
          },
          {
            "name": "USN-1019-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1019-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660420"
          },
          {
            "name": "RHSA-2010:0969",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0969.html"
          },
          {
            "name": "42818",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42818"
          },
          {
            "name": "1024846",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024846"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-78.html"
          },
          {
            "name": "FEDORA-2010-18778",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052220.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=527276"
          },
          {
            "name": "1024848",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024848"
          },
          {
            "name": "FEDORA-2010-18920",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html"
          },
          {
            "name": "FEDORA-2010-18777",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html"
          },
          {
            "name": "ADV-2011-0030",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0030"
          },
          {
            "name": "FEDORA-2010-18890",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html"
          },
          {
            "name": "42716",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42716"
          },
          {
            "name": "USN-1020-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1020-1"
          },
          {
            "name": "FEDORA-2010-18773",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-12-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system\u0027s font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SA:2011:003",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html"
        },
        {
          "name": "FEDORA-2010-18775",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html"
        },
        {
          "name": "oval:org.mitre.oval:def:12533",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12533"
        },
        {
          "name": "MDVSA-2010:258",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:258"
        },
        {
          "name": "MDVSA-2010:251",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100124650"
        },
        {
          "name": "RHSA-2010:0966",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0966.html"
        },
        {
          "name": "45352",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45352"
        },
        {
          "name": "USN-1019-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1019-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660420"
        },
        {
          "name": "RHSA-2010:0969",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0969.html"
        },
        {
          "name": "42818",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42818"
        },
        {
          "name": "1024846",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024846"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-78.html"
        },
        {
          "name": "FEDORA-2010-18778",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052220.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=527276"
        },
        {
          "name": "1024848",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024848"
        },
        {
          "name": "FEDORA-2010-18920",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html"
        },
        {
          "name": "FEDORA-2010-18777",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html"
        },
        {
          "name": "ADV-2011-0030",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0030"
        },
        {
          "name": "FEDORA-2010-18890",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html"
        },
        {
          "name": "42716",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42716"
        },
        {
          "name": "USN-1020-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1020-1"
        },
        {
          "name": "FEDORA-2010-18773",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-3768",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system\u0027s font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SA:2011:003",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html"
            },
            {
              "name": "FEDORA-2010-18775",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html"
            },
            {
              "name": "oval:org.mitre.oval:def:12533",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12533"
            },
            {
              "name": "MDVSA-2010:258",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:258"
            },
            {
              "name": "MDVSA-2010:251",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100124650",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100124650"
            },
            {
              "name": "RHSA-2010:0966",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0966.html"
            },
            {
              "name": "45352",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/45352"
            },
            {
              "name": "USN-1019-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1019-1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=660420",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660420"
            },
            {
              "name": "RHSA-2010:0969",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0969.html"
            },
            {
              "name": "42818",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42818"
            },
            {
              "name": "1024846",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024846"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-78.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-78.html"
            },
            {
              "name": "FEDORA-2010-18778",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052220.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=527276",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=527276"
            },
            {
              "name": "1024848",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024848"
            },
            {
              "name": "FEDORA-2010-18920",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html"
            },
            {
              "name": "FEDORA-2010-18777",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html"
            },
            {
              "name": "ADV-2011-0030",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0030"
            },
            {
              "name": "FEDORA-2010-18890",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html"
            },
            {
              "name": "42716",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42716"
            },
            {
              "name": "USN-1020-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1020-1"
            },
            {
              "name": "FEDORA-2010-18773",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-3768",
    "datePublished": "2010-12-10T18:00:00.000Z",
    "dateReserved": "2010-10-05T00:00:00.000Z",
    "dateUpdated": "2024-08-07T03:18:53.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2010-AVI-585

Vulnerability from certfr_avis

Plusieurs vulnérabilités sont présentes dans les produits Mozilla et certaines permettent à un utilisateur malveillant d'exécuter du code arbitraire sur le système vulnérable.

Description

Plusieurs vulnérabilités présentes dans les produits Mozilla ont été corrigées :

des erreurs dans le moteur du navigateur provoquent des corruptions de la mémoire. Certaines permettraient d'exécuter du code arbitraire ;
sur les plateformes Windows, un débordement de mémoire quand document.write est appelé permet de provoquer un arrêt inopiné ou d'exécuter du code arbitraire ;
l'utilisation de windows.open dans certaines conditions permet d'utiliser les droits de chrome ;
des objets HTML dans un arbre XUL sont utilisables pour provoquer un arrêt inopiné ou pour exécuter du code arbitraire ;
des vulnérabilités sont exploitables au moyen de fontes de caractères ;
le script Java LiveConnect permet, dans certaines circonstances, de contourner la politique de sécurité ;
des utilisations de pointeurs après libération de la mémoire correspondante existent ;
des tableaux JavaScript permettent de corrompre la mémoire ;
les programmes en Javascript peuvent être exécutés avec des privilèges non prévus ;
les pages d'erreurs réseau ou liées aux certificats peuvent être utilisées par des sites malveillants pour tromper l'utilisateur sur l'identité du site avec lequel il pense être connecté ;
des jeux de caractères, hébreu, farsi et arabe, permettent de réaliser des injections de code indirectes.

Solution

Les versions 3.6.13 et 3.5.16 de Firefox, 3.1.7 et 3.0.11 de Thunderbird et 2.0.11 de SeaMonkey remédient à ces problèmes.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mozilla	N/A	Seamonkey 2.0.x.
Mozilla	Thunderbird	Thunderbird 3.0.x et 3.1.x ;
Mozilla	Firefox	Firefox 3.5.x et 3.6.x ;

References

Title

Publication Time

Tags

Bulletins de sécurité de la fondation Mozilla MFSA2010-74 à MFSA2010-84	None	vendor-advisory
Bulletins de sécurité de la fondation Mozilla MFSA2010-74 à MFSA2010-84 du 09 décembre 2010 :	-	other
Bulletins de sécurité de la fondation Mozilla MFSA2010-74 à MFSA2010-84 du 09 décembre 2010 :	-	other
Bulletins de sécurité de la fondation Mozilla MFSA2010-74 à MFSA2010-84 du 09 décembre 2010 :	-	other
Bulletins de sécurité de la fondation Mozilla MFSA2010-74 à MFSA2010-84 du 09 décembre 2010 :	-	other
Bulletins de sécurité Fedora FEDORA-2010-18773 et FEDORA-2010-18775 du 09 décembre 2010 (Mozilla Firefox) :	-	other
Bulletins de sécurité Fedora FEDORA-2010-18890 et FEDORA-2010-18920 du 15 décembre 2010 (Mozilla Seamonkey) :	-	other
Bulletins de sécurité Fedora FEDORA-2010-18773 et FEDORA-2010-18775 du 09 décembre 2010 (Mozilla Firefox) :	-	other
Bulletins de sécurité de la fondation Mozilla MFSA2010-74 à MFSA2010-84 du 09 décembre 2010 :	-	other
Bulletins de sécurité de la fondation Mozilla MFSA2010-74 à MFSA2010-84 du 09 décembre 2010 :	-	other
Bulletins de sécurité de la fondation Mozilla MFSA2010-74 à MFSA2010-84 du 09 décembre 2010 :	-	other
Bulletins de sécurité de la fondation Mozilla MFSA2010-74 à MFSA2010-84 du 09 décembre 2010 :	-	other
Bulletins de sécurité Fedora FEDORA-2010-18773 et FEDORA-2010-18775 du 09 décembre 2010 (Mozilla Firefox) :	-	other
Bulletins de sécurité Fedora FEDORA-2010-18890 et FEDORA-2010-18920 du 15 décembre 2010 (Mozilla Seamonkey) :	-	other
Bulletins de sécurité de la fondation Mozilla MFSA2010-74 à MFSA2010-84 du 09 décembre 2010 :	-	other
Bulletins de sécurité Fedora FEDORA-2010-18777 et FEDORA-2010-18778 du 09 décembre 2010 (Mozilla Thunderbird) :	-	other
Bulletins de sécurité Fedora FEDORA-2010-18773 et FEDORA-2010-18775 du 09 décembre 2010 (Mozilla Firefox) :	-	other
Bulletins de sécurité de la fondation Mozilla MFSA2010-74 à MFSA2010-84 du 09 décembre 2010 :	-	other
Bulletins de sécurité de la fondation Mozilla MFSA2010-74 à MFSA2010-84 du 09 décembre 2010 :	-	other
Bulletins de sécurité Fedora FEDORA-2010-18777 et FEDORA-2010-18778 du 09 décembre 2010 (Mozilla Thunderbird) :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Seamonkey 2.0.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Thunderbird 3.0.x et 3.1.x ;",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox 3.5.x et 3.6.x ;",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits Mozilla ont \u00e9t\u00e9\ncorrig\u00e9es\u00a0:\n\n-   des erreurs dans le moteur du navigateur provoquent des corruptions\n    de la m\u00e9moire. Certaines permettraient d\u0027ex\u00e9cuter du code\n    arbitraire\u00a0;\n-   sur les plateformes Windows, un d\u00e9bordement de m\u00e9moire quand\n    document.write est appel\u00e9 permet de provoquer un arr\u00eat inopin\u00e9 ou\n    d\u0027ex\u00e9cuter du code arbitraire\u00a0;\n-   l\u0027utilisation de windows.open dans certaines conditions permet\n    d\u0027utiliser les droits de chrome\u00a0;\n-   des objets HTML dans un arbre XUL sont utilisables pour provoquer un\n    arr\u00eat inopin\u00e9 ou pour ex\u00e9cuter du code arbitraire\u00a0;\n-   des vuln\u00e9rabilit\u00e9s sont exploitables au moyen de fontes de\n    caract\u00e8res\u00a0;\n-   le script Java LiveConnect permet, dans certaines circonstances, de\n    contourner la politique de s\u00e9curit\u00e9\u00a0;\n-   des utilisations de pointeurs apr\u00e8s lib\u00e9ration de la m\u00e9moire\n    correspondante existent\u00a0;\n-   des tableaux JavaScript permettent de corrompre la m\u00e9moire\u00a0;\n-   les programmes en Javascript peuvent \u00eatre ex\u00e9cut\u00e9s avec des\n    privil\u00e8ges non pr\u00e9vus\u00a0;\n-   les pages d\u0027erreurs r\u00e9seau ou li\u00e9es aux certificats peuvent \u00eatre\n    utilis\u00e9es par des sites malveillants pour tromper l\u0027utilisateur sur\n    l\u0027identit\u00e9 du site avec lequel il pense \u00eatre connect\u00e9\u00a0;\n-   des jeux de caract\u00e8res, h\u00e9breu, farsi et arabe, permettent de\n    r\u00e9aliser des injections de code indirectes.\n\n## Solution\n\nLes versions 3.6.13 et 3.5.16 de Firefox, 3.1.7 et 3.0.11 de Thunderbird\net 2.0.11 de SeaMonkey rem\u00e9dient \u00e0 ces probl\u00e8mes.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-3768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3768"
    },
    {
      "name": "CVE-2010-3773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3773"
    },
    {
      "name": "CVE-2010-3778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3778"
    },
    {
      "name": "CVE-2010-3767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3767"
    },
    {
      "name": "CVE-2010-3769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3769"
    },
    {
      "name": "CVE-2010-3772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3772"
    },
    {
      "name": "CVE-2010-3766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3766"
    },
    {
      "name": "CVE-2010-3771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3771"
    },
    {
      "name": "CVE-2010-3770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3770"
    },
    {
      "name": "CVE-2010-3775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3775"
    },
    {
      "name": "CVE-2010-3776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3776"
    },
    {
      "name": "CVE-2010-3777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3777"
    },
    {
      "name": "CVE-2010-3774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3774"
    }
  ],
  "initial_release_date": "2010-12-10T00:00:00",
  "last_revision_date": "2010-12-24T00:00:00",
  "links": [
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2010-74 \u00e0    MFSA2010-84 du 09 d\u00e9cembre 2010 :",
      "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-83.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2010-74 \u00e0    MFSA2010-84 du 09 d\u00e9cembre 2010 :",
      "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-82.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2010-74 \u00e0    MFSA2010-84 du 09 d\u00e9cembre 2010 :",
      "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-84.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2010-74 \u00e0    MFSA2010-84 du 09 d\u00e9cembre 2010 :",
      "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-77.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2010-18773 et    FEDORA-2010-18775 du 09 d\u00e9cembre 2010 (Mozilla Firefox)\u00a0:",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052035.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2010-18890 et    FEDORA-2010-18920 du 15 d\u00e9cembre 2010 (Mozilla    Seamonkey)\u00a0:",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2010-18773 et    FEDORA-2010-18775 du 09 d\u00e9cembre 2010 (Mozilla Firefox)\u00a0:",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052029.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2010-74 \u00e0    MFSA2010-84 du 09 d\u00e9cembre 2010 :",
      "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-76.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2010-74 \u00e0    MFSA2010-84 du 09 d\u00e9cembre 2010 :",
      "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-75.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2010-74 \u00e0    MFSA2010-84 du 09 d\u00e9cembre 2010 :",
      "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-79.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2010-74 \u00e0    MFSA2010-84 du 09 d\u00e9cembre 2010 :",
      "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-78.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2010-18773 et    FEDORA-2010-18775 du 09 d\u00e9cembre 2010 (Mozilla Firefox)\u00a0:",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052021.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2010-18890 et    FEDORA-2010-18920 du 15 d\u00e9cembre 2010 (Mozilla    Seamonkey)\u00a0:",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2010-74 \u00e0    MFSA2010-84 du 09 d\u00e9cembre 2010 :",
      "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-81.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2010-18777 et    FEDORA-2010-18778 du 09 d\u00e9cembre 2010 (Mozilla    Thunderbird)\u00a0:",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052220.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2010-18773 et    FEDORA-2010-18775 du 09 d\u00e9cembre 2010 (Mozilla Firefox)\u00a0:",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052023.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2010-74 \u00e0    MFSA2010-84 du 09 d\u00e9cembre 2010 :",
      "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-74.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2010-74 \u00e0    MFSA2010-84 du 09 d\u00e9cembre 2010 :",
      "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-80.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2010-18777 et    FEDORA-2010-18778 du 09 d\u00e9cembre 2010 (Mozilla    Thunderbird)\u00a0:",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html"
    }
  ],
  "reference": "CERTA-2010-AVI-585",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-12-10T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins Fedora.",
      "revision_date": "2010-12-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans les produits Mozilla et\ncertaines permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\narbitraire sur le syst\u00e8me vuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2010-74 \u00e0 MFSA2010-84",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-3768 (GCVE-0-2010-3768)

Vulnerability from cvelistv5

CERTA-2010-AVI-585

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature