Oval Definition:oval:org.mitre.oval:def:12533
Revision Date:2014-10-06Version:31
Title:Information disclosure vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Mozilla Thunderbird before 3.0.11 and 3.1.x before 3.1.7 and Mozilla SeaMonkey before 2.0.11
Description:Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2010-3768
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Mozilla Firefox
Mozilla SeaMonkey
Mozilla Thunderbird
Definition Synopsis
  • Related to Mozilla Firefox
  • Mozilla Firefox Mainline release is installed
  • AND Check for vulnerable version
  • Mozilla Firefox Mainline version is before 3.5.16
  • OR Mozilla Firefox Mainline version is 3.6.x before 3.6.13
  • OR Related to Mozilla SeaMonkey
  • Mozilla Seamonkey is installed
  • AND Check if the version of Mozilla Seamonkey is before 2.0.11
  • OR Related to Mozilla thunderbird
  • Mozilla Thunderbird Mainline release is installed
  • AND Check if the version of Mozilla Thunderbird is before 3.0.11 or 3.1.x before 3.1.7
  • AND Check if the version of Mozilla Thunderbird is before 3.0.11
    • BACK