CVE-2010-3768

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 3.5.16 and 3.6.x prior to 3.6.13 Thunderbird versions prior to 3.0.11 and 3.1.x prior to 3.1.7 SeaMonkey versions prior to 2.0.11

Description The issue allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules, due to improper validation of downloadable fonts before use within an operating system's font implementation.

Recommendations For Mozilla Firefox versions prior to 3.5.16 and 3.6.x prior to 3.6.13, update to a version that properly validates downloadable fonts. For Thunderbird versions prior to 3.0.11 and 3.1.x prior to 3.1.7, update to a version that properly validates downloadable fonts. For SeaMonkey versions prior to 2.0.11, update to a version that properly validates downloadable fonts. As a temporary workaround, consider disabling the use of @font-face CSS rules in affected applications until a patch is available.