PT-2010-5056 · Mozilla+2 · Firefox+4
Christoph Diehl
+1
·
Published
2010-12-09
·
Updated
2024-06-15
·
CVE-2010-3768
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions prior to 3.5.16 and 3.6.x prior to 3.6.13
Thunderbird versions prior to 3.0.11 and 3.1.x prior to 3.1.7
SeaMonkey versions prior to 2.0.11
Description
The issue allows remote attackers to execute arbitrary code via vectors related to
@font-face Cascading Style Sheets (CSS) rules, due to improper validation of downloadable fonts before use within an operating system's font implementation.Recommendations
For Mozilla Firefox versions prior to 3.5.16 and 3.6.x prior to 3.6.13, update to a version that properly validates downloadable fonts.
For Thunderbird versions prior to 3.0.11 and 3.1.x prior to 3.1.7, update to a version that properly validates downloadable fonts.
For SeaMonkey versions prior to 2.0.11, update to a version that properly validates downloadable fonts.
As a temporary workaround, consider disabling the use of
@font-face CSS rules in affected applications until a patch is available.Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Firefox
Red Hat
Seamonkey
Suse
Thunderbird