Summary: | <www-client/seamonkey-1.1.19 Multiple vulnerabilities (CVE-2009-3385,CVE-2010-0163) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.mozilla.org/show_bug.cgi?id=371976 | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 314009, 324735 | ||
Bug Blocks: |
Description
Alex Legler (RETIRED)
2010-04-01 15:58:05 UTC
CVE-2010-0163 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163): Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing. seamonkey-1 is no longer in the tree... Nothing for mozilla team to do here, none of the affected versions/packages are in-tree anymore. This one seemed to have missed the big Mozilla GLSA 201301-01. Users have already been advised to update: no GLSA will be issued for this bug. |