Detections
Analytics
CVE-2010-3768
critical
Description
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12533
https://bugzilla.redhat.com/show_bug.cgi?id=660420
https://bugzilla.mozilla.org/show_bug.cgi?id=527276
http://www.vupen.com/english/advisories/2011/0030
http://www.ubuntu.com/usn/USN-1020-1
http://www.ubuntu.com/usn/USN-1019-1
http://www.securitytracker.com/id?1024848
http://www.securitytracker.com/id?1024846
http://www.securityfocus.com/bid/45352
http://www.redhat.com/support/errata/RHSA-2010-0969.html
http://www.redhat.com/support/errata/RHSA-2010-0966.html
http://www.mozilla.org/security/announce/2010/mfsa2010-78.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:258
http://www.mandriva.com/security/advisories?name=MDVSA-2010:251
http://support.avaya.com/css/P8/documents/100124650
http://secunia.com/advisories/42818
http://secunia.com/advisories/42716
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052220.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html