Vulnerability-Lookup

CVE-2010-3777 (GCVE-0-2010-3777)

Vulnerability from cvelistv5 – Published: 2010-12-10 18:00 – Updated: 2024-08-07 03:18

Summary

Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

23 references

URL	Tags
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://www.mozilla.org/security/announce/2010/mfs…	x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
http://support.avaya.com/css/P8/documents/100124650	x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-09…	vendor-advisoryx_refsource_REDHAT
http://www.ubuntu.com/usn/USN-1019-1	vendor-advisoryx_refsource_UBUNTU
http://www.redhat.com/support/errata/RHSA-2010-09…	vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/42818	third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1024846	vdb-entryx_refsource_SECTRACK
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://www.securitytracker.com/id?1024848	vdb-entryx_refsource_SECTRACK
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://www.vupen.com/english/advisories/2011/0030	vdb-entryx_refsource_VUPEN
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
https://bugzilla.mozilla.org/show_bug.cgi?id=599607	x_refsource_CONFIRM
http://www.securityfocus.com/bid/45348	vdb-entryx_refsource_BID
http://secunia.com/advisories/42716	third-party-advisoryx_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-1020-1	vendor-advisoryx_refsource_UBUNTU
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA

Date Public

2010-12-09 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:18:53.374Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SA:2011:003",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html"
          },
          {
            "name": "FEDORA-2010-18775",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-74.html"
          },
          {
            "name": "MDVSA-2010:258",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:258"
          },
          {
            "name": "MDVSA-2010:251",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100124650"
          },
          {
            "name": "RHSA-2010:0966",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0966.html"
          },
          {
            "name": "USN-1019-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1019-1"
          },
          {
            "name": "RHSA-2010:0969",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0969.html"
          },
          {
            "name": "42818",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42818"
          },
          {
            "name": "1024846",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024846"
          },
          {
            "name": "oval:org.mitre.oval:def:12468",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12468"
          },
          {
            "name": "FEDORA-2010-18778",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052220.html"
          },
          {
            "name": "1024848",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024848"
          },
          {
            "name": "FEDORA-2010-18920",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html"
          },
          {
            "name": "FEDORA-2010-18777",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html"
          },
          {
            "name": "ADV-2011-0030",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0030"
          },
          {
            "name": "FEDORA-2010-18890",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=599607"
          },
          {
            "name": "45348",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45348"
          },
          {
            "name": "42716",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42716"
          },
          {
            "name": "USN-1020-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1020-1"
          },
          {
            "name": "FEDORA-2010-18773",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-12-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SA:2011:003",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html"
        },
        {
          "name": "FEDORA-2010-18775",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-74.html"
        },
        {
          "name": "MDVSA-2010:258",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:258"
        },
        {
          "name": "MDVSA-2010:251",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100124650"
        },
        {
          "name": "RHSA-2010:0966",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0966.html"
        },
        {
          "name": "USN-1019-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1019-1"
        },
        {
          "name": "RHSA-2010:0969",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0969.html"
        },
        {
          "name": "42818",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42818"
        },
        {
          "name": "1024846",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024846"
        },
        {
          "name": "oval:org.mitre.oval:def:12468",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12468"
        },
        {
          "name": "FEDORA-2010-18778",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052220.html"
        },
        {
          "name": "1024848",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024848"
        },
        {
          "name": "FEDORA-2010-18920",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html"
        },
        {
          "name": "FEDORA-2010-18777",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html"
        },
        {
          "name": "ADV-2011-0030",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0030"
        },
        {
          "name": "FEDORA-2010-18890",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=599607"
        },
        {
          "name": "45348",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45348"
        },
        {
          "name": "42716",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42716"
        },
        {
          "name": "USN-1020-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1020-1"
        },
        {
          "name": "FEDORA-2010-18773",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-3777",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SA:2011:003",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html"
            },
            {
              "name": "FEDORA-2010-18775",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-74.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-74.html"
            },
            {
              "name": "MDVSA-2010:258",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:258"
            },
            {
              "name": "MDVSA-2010:251",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100124650",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100124650"
            },
            {
              "name": "RHSA-2010:0966",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0966.html"
            },
            {
              "name": "USN-1019-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1019-1"
            },
            {
              "name": "RHSA-2010:0969",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0969.html"
            },
            {
              "name": "42818",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42818"
            },
            {
              "name": "1024846",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024846"
            },
            {
              "name": "oval:org.mitre.oval:def:12468",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12468"
            },
            {
              "name": "FEDORA-2010-18778",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052220.html"
            },
            {
              "name": "1024848",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024848"
            },
            {
              "name": "FEDORA-2010-18920",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html"
            },
            {
              "name": "FEDORA-2010-18777",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html"
            },
            {
              "name": "ADV-2011-0030",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0030"
            },
            {
              "name": "FEDORA-2010-18890",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=599607",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=599607"
            },
            {
              "name": "45348",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/45348"
            },
            {
              "name": "42716",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42716"
            },
            {
              "name": "USN-1020-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1020-1"
            },
            {
              "name": "FEDORA-2010-18773",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-3777",
    "datePublished": "2010-12-10T18:00:00.000Z",
    "dateReserved": "2010-10-05T00:00:00.000Z",
    "dateUpdated": "2024-08-07T03:18:53.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2010-3777",
      "date": "2026-06-07",
      "epss": "0.06912",
      "percentile": "0.91566"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3782354-7EB7-49D2-B240-1871F6CB84C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:3.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39A968C1-8F61-4A26-A098-84F9A4DD5D3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"30D47263-03AD-4060-91E3-90F997B3D174\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFD775DF-277E-4D5B-B980-B8E6E782467D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8587BFD-417D-42BE-A5F8-22FDC68FA9E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7364FAB-EEE9-4064-A8AD-6547239F9AB3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C50485F-BC7B-4B70-A47B-1712E2DBAC5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51EE386B-0833-484E-A2AB-86B4470D4D45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3EF1B4D-6556-4B3C-BDD0-6348A4D4A91D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68C5C7CF-005B-42FC-B950-90303F0CC115\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B2FA2CF-7FE4-43B1-96A0-C14666EDBD7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"30290F6D-55CA-47EB-8F41-7BBB745C7A34\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58FC2EFB-CE85-4A65-A7B4-A0779F11B5BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27B9EA91-A461-42CE-9ED7-3805BD13A4B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C48E432-8945-4918-B2A4-AD2E05A51633\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:3.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A95B301-A72B-4F95-A7D6-4B574E9D3BDA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:3.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"968C261F-A7D5-4EB6-BCFF-EE40DB5A11D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:3.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB49CD91-C21E-4494-97CF-DDCFB38B2D92\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:3.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5EC37D84-29B9-4F64-B72B-79A8B086A94A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en Mozilla Firefox 3.6.x en versiones anteriores a la  3.6.13 y Thunderbird 3.1.x en versiones anteriores a la 3.1.7, permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (corrupci\\u00f3n de memoria y ca\\u00edda de la aplicaci\\u00f3n) o posiblemente ejecutar c\\u00f3digo de su elecci\\u00f3n mediante vectores no desconocidos.\"}]",
      "id": "CVE-2010-3777",
      "lastModified": "2024-11-21T01:19:35.370",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-12-10T19:00:02.767",
      "references": "[{\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052220.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/42716\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/42818\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.avaya.com/css/P8/documents/100124650\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2010:251\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2010:258\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mozilla.org/security/announce/2010/mfsa2010-74.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2010-0966.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2010-0969.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/45348\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1024846\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1024848\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1019-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1020-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0030\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=599607\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12468\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052220.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/42716\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/42818\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.avaya.com/css/P8/documents/100124650\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2010:251\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2010:258\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mozilla.org/security/announce/2010/mfsa2010-74.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2010-0966.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2010-0969.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/45348\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1024846\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1024848\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1019-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1020-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0030\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=599607\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12468\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}, {\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-3777\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-12-10T19:00:02.767\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en Mozilla Firefox 3.6.x en versiones anteriores a la  3.6.13 y Thunderbird 3.1.x en versiones anteriores a la 3.1.7, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no desconocidos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"},{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3782354-7EB7-49D2-B240-1871F6CB84C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39A968C1-8F61-4A26-A098-84F9A4DD5D3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30D47263-03AD-4060-91E3-90F997B3D174\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFD775DF-277E-4D5B-B980-B8E6E782467D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8587BFD-417D-42BE-A5F8-22FDC68FA9E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7364FAB-EEE9-4064-A8AD-6547239F9AB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C50485F-BC7B-4B70-A47B-1712E2DBAC5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EE386B-0833-484E-A2AB-86B4470D4D45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3EF1B4D-6556-4B3C-BDD0-6348A4D4A91D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68C5C7CF-005B-42FC-B950-90303F0CC115\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B2FA2CF-7FE4-43B1-96A0-C14666EDBD7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30290F6D-55CA-47EB-8F41-7BBB745C7A34\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58FC2EFB-CE85-4A65-A7B4-A0779F11B5BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27B9EA91-A461-42CE-9ED7-3805BD13A4B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C48E432-8945-4918-B2A4-AD2E05A51633\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A95B301-A72B-4F95-A7D6-4B574E9D3BDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:3.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"968C261F-A7D5-4EB6-BCFF-EE40DB5A11D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:3.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB49CD91-C21E-4494-97CF-DDCFB38B2D92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:3.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EC37D84-29B9-4F64-B72B-79A8B086A94A\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052220.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/42716\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/42818\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.avaya.com/css/P8/documents/100124650\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:251\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:258\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mozilla.org/security/announce/2010/mfsa2010-74.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0966.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0969.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/45348\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1024846\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1024848\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1019-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1020-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0030\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=599607\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12468\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052220.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42716\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42818\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.avaya.com/css/P8/documents/100124650\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:251\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:258\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mozilla.org/security/announce/2010/mfsa2010-74.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0966.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0969.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/45348\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1024846\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1024848\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1019-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1020-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0030\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=599607\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12468\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

RHSA-2010_0969

Vulnerability from csaf_redhat - Published: 2010-12-09 23:53 - Updated: 2024-11-22 03:54

Summary

Red Hat Security Advisory: thunderbird security update

Severity

Moderate

Notes

Topic: An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details: Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3776, CVE-2010-3777) Note: JavaScript support is disabled in Thunderbird for mail messages. The above issues are believed to not be exploitable without JavaScript. This update adds support for the Sanitiser for OpenType (OTS) library to Thunderbird. This library helps prevent potential exploits in malformed OpenType fonts by verifying the font file prior to use. (CVE-2010-3768) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2010-3768

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules.

6.8 ()


                        
                          AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected products

Fixed 27 products

Product	Version	Remediation
Unresolved product id: 6Client:thunderbird-0:3.1.7-3.el6_0.i686	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-0:3.1.7-3.el6_0.ppc64	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-0:3.1.7-3.el6_0.s390x	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-0:3.1.7-3.el6_0.src	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-0:3.1.7-3.el6_0.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-0:3.1.7-3.el6_0.i686	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-0:3.1.7-3.el6_0.ppc64	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-0:3.1.7-3.el6_0.s390x	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-0:3.1.7-3.el6_0.src	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-0:3.1.7-3.el6_0.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-0:3.1.7-3.el6_0.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-0:3.1.7-3.el6_0.ppc64	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-0:3.1.7-3.el6_0.s390x	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-0:3.1.7-3.el6_0.src	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-0:3.1.7-3.el6_0.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64	—	Vendor Fix fix

Threats

Impact Critical

CVE-2010-3776

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

6.8 ()


                        
                          AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected products

Fixed 27 products

Product	Version	Remediation
Unresolved product id: 6Client:thunderbird-0:3.1.7-3.el6_0.i686	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-0:3.1.7-3.el6_0.ppc64	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-0:3.1.7-3.el6_0.s390x	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-0:3.1.7-3.el6_0.src	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-0:3.1.7-3.el6_0.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-0:3.1.7-3.el6_0.i686	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-0:3.1.7-3.el6_0.ppc64	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-0:3.1.7-3.el6_0.s390x	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-0:3.1.7-3.el6_0.src	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-0:3.1.7-3.el6_0.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-0:3.1.7-3.el6_0.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-0:3.1.7-3.el6_0.ppc64	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-0:3.1.7-3.el6_0.s390x	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-0:3.1.7-3.el6_0.src	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-0:3.1.7-3.el6_0.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64	—	Vendor Fix fix

Threats

Impact Critical

CVE-2010-3777

6.8 ()


                        
                          AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected products

Fixed 27 products

Product	Version	Remediation
Unresolved product id: 6Client:thunderbird-0:3.1.7-3.el6_0.i686	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-0:3.1.7-3.el6_0.ppc64	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-0:3.1.7-3.el6_0.s390x	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-0:3.1.7-3.el6_0.src	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-0:3.1.7-3.el6_0.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x	—	Vendor Fix fix
Unresolved product id: 6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-0:3.1.7-3.el6_0.i686	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-0:3.1.7-3.el6_0.ppc64	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-0:3.1.7-3.el6_0.s390x	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-0:3.1.7-3.el6_0.src	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-0:3.1.7-3.el6_0.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x	—	Vendor Fix fix
Unresolved product id: 6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-0:3.1.7-3.el6_0.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-0:3.1.7-3.el6_0.ppc64	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-0:3.1.7-3.el6_0.s390x	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-0:3.1.7-3.el6_0.src	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-0:3.1.7-3.el6_0.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x	—	Vendor Fix fix
Unresolved product id: 6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64	—	Vendor Fix fix

Threats

Impact Critical

References

18 references

URL	Category
https://access.redhat.com/errata/RHSA-2010:0969	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=660408	external
https://bugzilla.redhat.com/show_bug.cgi?id=660415	external
https://bugzilla.redhat.com/show_bug.cgi?id=660420	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2010-3768	self
https://bugzilla.redhat.com/show_bug.cgi?id=660420	external
https://www.cve.org/CVERecord?id=CVE-2010-3768	external
https://nvd.nist.gov/vuln/detail/CVE-2010-3768	external
https://access.redhat.com/security/cve/CVE-2010-3776	self
https://bugzilla.redhat.com/show_bug.cgi?id=660408	external
https://www.cve.org/CVERecord?id=CVE-2010-3776	external
https://nvd.nist.gov/vuln/detail/CVE-2010-3776	external
https://access.redhat.com/security/cve/CVE-2010-3777	self
https://bugzilla.redhat.com/show_bug.cgi?id=660415	external
https://www.cve.org/CVERecord?id=CVE-2010-3777	external
https://nvd.nist.gov/vuln/detail/CVE-2010-3777	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated thunderbird package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content.\nMalicious HTML content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Thunderbird.\n(CVE-2010-3776, CVE-2010-3777)\n\nNote: JavaScript support is disabled in Thunderbird for mail messages. The\nabove issues are believed to not be exploitable without JavaScript.\n\nThis update adds support for the Sanitiser for OpenType (OTS) library to Thunderbird. This library helps prevent potential exploits in malformed OpenType fonts by verifying the font file prior to use. (CVE-2010-3768)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2010:0969",
        "url": "https://access.redhat.com/errata/RHSA-2010:0969"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "660408",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660408"
      },
      {
        "category": "external",
        "summary": "660415",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660415"
      },
      {
        "category": "external",
        "summary": "660420",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660420"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0969.json"
      }
    ],
    "title": "Red Hat Security Advisory: thunderbird security update",
    "tracking": {
      "current_release_date": "2024-11-22T03:54:47+00:00",
      "generator": {
        "date": "2024-11-22T03:54:47+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2010:0969",
      "initial_release_date": "2010-12-09T23:53:00+00:00",
      "revision_history": [
        {
          "date": "2010-12-09T23:53:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2010-12-09T18:55:57+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T03:54:47+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 6)",
                  "product_id": "6Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Optional (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Optional (v. 6)",
                  "product_id": "6Server-optional",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation (v. 6)",
                  "product_id": "6Workstation",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "thunderbird-0:3.1.7-3.el6_0.i686",
                "product": {
                  "name": "thunderbird-0:3.1.7-3.el6_0.i686",
                  "product_id": "thunderbird-0:3.1.7-3.el6_0.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird@3.1.7-3.el6_0?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
                "product": {
                  "name": "thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
                  "product_id": "thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird-debuginfo@3.1.7-3.el6_0?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "thunderbird-0:3.1.7-3.el6_0.ppc64",
                "product": {
                  "name": "thunderbird-0:3.1.7-3.el6_0.ppc64",
                  "product_id": "thunderbird-0:3.1.7-3.el6_0.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird@3.1.7-3.el6_0?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
                "product": {
                  "name": "thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
                  "product_id": "thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird-debuginfo@3.1.7-3.el6_0?arch=ppc64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "thunderbird-0:3.1.7-3.el6_0.src",
                "product": {
                  "name": "thunderbird-0:3.1.7-3.el6_0.src",
                  "product_id": "thunderbird-0:3.1.7-3.el6_0.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird@3.1.7-3.el6_0?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "thunderbird-0:3.1.7-3.el6_0.s390x",
                "product": {
                  "name": "thunderbird-0:3.1.7-3.el6_0.s390x",
                  "product_id": "thunderbird-0:3.1.7-3.el6_0.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird@3.1.7-3.el6_0?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
                "product": {
                  "name": "thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
                  "product_id": "thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird-debuginfo@3.1.7-3.el6_0?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "thunderbird-0:3.1.7-3.el6_0.x86_64",
                "product": {
                  "name": "thunderbird-0:3.1.7-3.el6_0.x86_64",
                  "product_id": "thunderbird-0:3.1.7-3.el6_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird@3.1.7-3.el6_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
                "product": {
                  "name": "thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
                  "product_id": "thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird-debuginfo@3.1.7-3.el6_0?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:3.1.7-3.el6_0.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client:thunderbird-0:3.1.7-3.el6_0.i686"
        },
        "product_reference": "thunderbird-0:3.1.7-3.el6_0.i686",
        "relates_to_product_reference": "6Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:3.1.7-3.el6_0.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client:thunderbird-0:3.1.7-3.el6_0.ppc64"
        },
        "product_reference": "thunderbird-0:3.1.7-3.el6_0.ppc64",
        "relates_to_product_reference": "6Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:3.1.7-3.el6_0.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client:thunderbird-0:3.1.7-3.el6_0.s390x"
        },
        "product_reference": "thunderbird-0:3.1.7-3.el6_0.s390x",
        "relates_to_product_reference": "6Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:3.1.7-3.el6_0.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client:thunderbird-0:3.1.7-3.el6_0.src"
        },
        "product_reference": "thunderbird-0:3.1.7-3.el6_0.src",
        "relates_to_product_reference": "6Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:3.1.7-3.el6_0.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client:thunderbird-0:3.1.7-3.el6_0.x86_64"
        },
        "product_reference": "thunderbird-0:3.1.7-3.el6_0.x86_64",
        "relates_to_product_reference": "6Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:3.1.7-3.el6_0.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686"
        },
        "product_reference": "thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
        "relates_to_product_reference": "6Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64"
        },
        "product_reference": "thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
        "relates_to_product_reference": "6Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x"
        },
        "product_reference": "thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
        "relates_to_product_reference": "6Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64"
        },
        "product_reference": "thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
        "relates_to_product_reference": "6Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:3.1.7-3.el6_0.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional:thunderbird-0:3.1.7-3.el6_0.i686"
        },
        "product_reference": "thunderbird-0:3.1.7-3.el6_0.i686",
        "relates_to_product_reference": "6Server-optional"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:3.1.7-3.el6_0.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional:thunderbird-0:3.1.7-3.el6_0.ppc64"
        },
        "product_reference": "thunderbird-0:3.1.7-3.el6_0.ppc64",
        "relates_to_product_reference": "6Server-optional"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:3.1.7-3.el6_0.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional:thunderbird-0:3.1.7-3.el6_0.s390x"
        },
        "product_reference": "thunderbird-0:3.1.7-3.el6_0.s390x",
        "relates_to_product_reference": "6Server-optional"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:3.1.7-3.el6_0.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional:thunderbird-0:3.1.7-3.el6_0.src"
        },
        "product_reference": "thunderbird-0:3.1.7-3.el6_0.src",
        "relates_to_product_reference": "6Server-optional"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:3.1.7-3.el6_0.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional:thunderbird-0:3.1.7-3.el6_0.x86_64"
        },
        "product_reference": "thunderbird-0:3.1.7-3.el6_0.x86_64",
        "relates_to_product_reference": "6Server-optional"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:3.1.7-3.el6_0.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686"
        },
        "product_reference": "thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
        "relates_to_product_reference": "6Server-optional"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64"
        },
        "product_reference": "thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
        "relates_to_product_reference": "6Server-optional"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x"
        },
        "product_reference": "thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
        "relates_to_product_reference": "6Server-optional"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64"
        },
        "product_reference": "thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
        "relates_to_product_reference": "6Server-optional"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:3.1.7-3.el6_0.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation:thunderbird-0:3.1.7-3.el6_0.i686"
        },
        "product_reference": "thunderbird-0:3.1.7-3.el6_0.i686",
        "relates_to_product_reference": "6Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:3.1.7-3.el6_0.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation:thunderbird-0:3.1.7-3.el6_0.ppc64"
        },
        "product_reference": "thunderbird-0:3.1.7-3.el6_0.ppc64",
        "relates_to_product_reference": "6Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:3.1.7-3.el6_0.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation:thunderbird-0:3.1.7-3.el6_0.s390x"
        },
        "product_reference": "thunderbird-0:3.1.7-3.el6_0.s390x",
        "relates_to_product_reference": "6Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:3.1.7-3.el6_0.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation:thunderbird-0:3.1.7-3.el6_0.src"
        },
        "product_reference": "thunderbird-0:3.1.7-3.el6_0.src",
        "relates_to_product_reference": "6Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:3.1.7-3.el6_0.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation:thunderbird-0:3.1.7-3.el6_0.x86_64"
        },
        "product_reference": "thunderbird-0:3.1.7-3.el6_0.x86_64",
        "relates_to_product_reference": "6Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:3.1.7-3.el6_0.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686"
        },
        "product_reference": "thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
        "relates_to_product_reference": "6Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64"
        },
        "product_reference": "thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
        "relates_to_product_reference": "6Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x"
        },
        "product_reference": "thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
        "relates_to_product_reference": "6Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64"
        },
        "product_reference": "thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
        "relates_to_product_reference": "6Workstation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2010-3768",
      "discovery_date": "2010-12-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "660420"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system\u0027s font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Mozilla add support for OTS font sanitizer (MFSA 2010-78)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client:thunderbird-0:3.1.7-3.el6_0.i686",
          "6Client:thunderbird-0:3.1.7-3.el6_0.ppc64",
          "6Client:thunderbird-0:3.1.7-3.el6_0.s390x",
          "6Client:thunderbird-0:3.1.7-3.el6_0.src",
          "6Client:thunderbird-0:3.1.7-3.el6_0.x86_64",
          "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
          "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
          "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
          "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
          "6Server-optional:thunderbird-0:3.1.7-3.el6_0.i686",
          "6Server-optional:thunderbird-0:3.1.7-3.el6_0.ppc64",
          "6Server-optional:thunderbird-0:3.1.7-3.el6_0.s390x",
          "6Server-optional:thunderbird-0:3.1.7-3.el6_0.src",
          "6Server-optional:thunderbird-0:3.1.7-3.el6_0.x86_64",
          "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
          "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
          "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
          "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
          "6Workstation:thunderbird-0:3.1.7-3.el6_0.i686",
          "6Workstation:thunderbird-0:3.1.7-3.el6_0.ppc64",
          "6Workstation:thunderbird-0:3.1.7-3.el6_0.s390x",
          "6Workstation:thunderbird-0:3.1.7-3.el6_0.src",
          "6Workstation:thunderbird-0:3.1.7-3.el6_0.x86_64",
          "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
          "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
          "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
          "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-3768"
        },
        {
          "category": "external",
          "summary": "RHBZ#660420",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660420"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3768",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-3768"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3768",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3768"
        }
      ],
      "release_date": "2010-12-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-12-09T23:53:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "6Client:thunderbird-0:3.1.7-3.el6_0.i686",
            "6Client:thunderbird-0:3.1.7-3.el6_0.ppc64",
            "6Client:thunderbird-0:3.1.7-3.el6_0.s390x",
            "6Client:thunderbird-0:3.1.7-3.el6_0.src",
            "6Client:thunderbird-0:3.1.7-3.el6_0.x86_64",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.i686",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.ppc64",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.s390x",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.src",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.x86_64",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.i686",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.ppc64",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.s390x",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.src",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.x86_64",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0969"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Client:thunderbird-0:3.1.7-3.el6_0.i686",
            "6Client:thunderbird-0:3.1.7-3.el6_0.ppc64",
            "6Client:thunderbird-0:3.1.7-3.el6_0.s390x",
            "6Client:thunderbird-0:3.1.7-3.el6_0.src",
            "6Client:thunderbird-0:3.1.7-3.el6_0.x86_64",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.i686",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.ppc64",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.s390x",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.src",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.x86_64",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.i686",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.ppc64",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.s390x",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.src",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.x86_64",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Mozilla add support for OTS font sanitizer (MFSA 2010-78)"
    },
    {
      "cve": "CVE-2010-3776",
      "discovery_date": "2010-12-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "660408"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Mozilla miscellaneous memory safety hazards (MFSA 2010-74)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client:thunderbird-0:3.1.7-3.el6_0.i686",
          "6Client:thunderbird-0:3.1.7-3.el6_0.ppc64",
          "6Client:thunderbird-0:3.1.7-3.el6_0.s390x",
          "6Client:thunderbird-0:3.1.7-3.el6_0.src",
          "6Client:thunderbird-0:3.1.7-3.el6_0.x86_64",
          "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
          "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
          "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
          "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
          "6Server-optional:thunderbird-0:3.1.7-3.el6_0.i686",
          "6Server-optional:thunderbird-0:3.1.7-3.el6_0.ppc64",
          "6Server-optional:thunderbird-0:3.1.7-3.el6_0.s390x",
          "6Server-optional:thunderbird-0:3.1.7-3.el6_0.src",
          "6Server-optional:thunderbird-0:3.1.7-3.el6_0.x86_64",
          "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
          "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
          "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
          "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
          "6Workstation:thunderbird-0:3.1.7-3.el6_0.i686",
          "6Workstation:thunderbird-0:3.1.7-3.el6_0.ppc64",
          "6Workstation:thunderbird-0:3.1.7-3.el6_0.s390x",
          "6Workstation:thunderbird-0:3.1.7-3.el6_0.src",
          "6Workstation:thunderbird-0:3.1.7-3.el6_0.x86_64",
          "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
          "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
          "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
          "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-3776"
        },
        {
          "category": "external",
          "summary": "RHBZ#660408",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660408"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3776",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-3776"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3776",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3776"
        }
      ],
      "release_date": "2010-12-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-12-09T23:53:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "6Client:thunderbird-0:3.1.7-3.el6_0.i686",
            "6Client:thunderbird-0:3.1.7-3.el6_0.ppc64",
            "6Client:thunderbird-0:3.1.7-3.el6_0.s390x",
            "6Client:thunderbird-0:3.1.7-3.el6_0.src",
            "6Client:thunderbird-0:3.1.7-3.el6_0.x86_64",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.i686",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.ppc64",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.s390x",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.src",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.x86_64",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.i686",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.ppc64",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.s390x",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.src",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.x86_64",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0969"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Client:thunderbird-0:3.1.7-3.el6_0.i686",
            "6Client:thunderbird-0:3.1.7-3.el6_0.ppc64",
            "6Client:thunderbird-0:3.1.7-3.el6_0.s390x",
            "6Client:thunderbird-0:3.1.7-3.el6_0.src",
            "6Client:thunderbird-0:3.1.7-3.el6_0.x86_64",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.i686",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.ppc64",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.s390x",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.src",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.x86_64",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.i686",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.ppc64",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.s390x",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.src",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.x86_64",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Mozilla miscellaneous memory safety hazards (MFSA 2010-74)"
    },
    {
      "cve": "CVE-2010-3777",
      "discovery_date": "2010-12-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "660415"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Mozilla miscellaneous memory safety hazards (MFSA 2010-74)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client:thunderbird-0:3.1.7-3.el6_0.i686",
          "6Client:thunderbird-0:3.1.7-3.el6_0.ppc64",
          "6Client:thunderbird-0:3.1.7-3.el6_0.s390x",
          "6Client:thunderbird-0:3.1.7-3.el6_0.src",
          "6Client:thunderbird-0:3.1.7-3.el6_0.x86_64",
          "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
          "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
          "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
          "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
          "6Server-optional:thunderbird-0:3.1.7-3.el6_0.i686",
          "6Server-optional:thunderbird-0:3.1.7-3.el6_0.ppc64",
          "6Server-optional:thunderbird-0:3.1.7-3.el6_0.s390x",
          "6Server-optional:thunderbird-0:3.1.7-3.el6_0.src",
          "6Server-optional:thunderbird-0:3.1.7-3.el6_0.x86_64",
          "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
          "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
          "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
          "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
          "6Workstation:thunderbird-0:3.1.7-3.el6_0.i686",
          "6Workstation:thunderbird-0:3.1.7-3.el6_0.ppc64",
          "6Workstation:thunderbird-0:3.1.7-3.el6_0.s390x",
          "6Workstation:thunderbird-0:3.1.7-3.el6_0.src",
          "6Workstation:thunderbird-0:3.1.7-3.el6_0.x86_64",
          "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
          "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
          "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
          "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-3777"
        },
        {
          "category": "external",
          "summary": "RHBZ#660415",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660415"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3777",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-3777"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3777",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3777"
        }
      ],
      "release_date": "2010-12-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-12-09T23:53:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "6Client:thunderbird-0:3.1.7-3.el6_0.i686",
            "6Client:thunderbird-0:3.1.7-3.el6_0.ppc64",
            "6Client:thunderbird-0:3.1.7-3.el6_0.s390x",
            "6Client:thunderbird-0:3.1.7-3.el6_0.src",
            "6Client:thunderbird-0:3.1.7-3.el6_0.x86_64",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.i686",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.ppc64",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.s390x",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.src",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.x86_64",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.i686",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.ppc64",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.s390x",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.src",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.x86_64",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0969"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Client:thunderbird-0:3.1.7-3.el6_0.i686",
            "6Client:thunderbird-0:3.1.7-3.el6_0.ppc64",
            "6Client:thunderbird-0:3.1.7-3.el6_0.s390x",
            "6Client:thunderbird-0:3.1.7-3.el6_0.src",
            "6Client:thunderbird-0:3.1.7-3.el6_0.x86_64",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
            "6Client:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.i686",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.ppc64",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.s390x",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.src",
            "6Server-optional:thunderbird-0:3.1.7-3.el6_0.x86_64",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
            "6Server-optional:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.i686",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.ppc64",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.s390x",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.src",
            "6Workstation:thunderbird-0:3.1.7-3.el6_0.x86_64",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.i686",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.ppc64",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.s390x",
            "6Workstation:thunderbird-debuginfo-0:3.1.7-3.el6_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Mozilla miscellaneous memory safety hazards (MFSA 2010-74)"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-3777 (GCVE-0-2010-3777)

RHSA-2010_0969

Tags

Sightings

Nomenclature