Описание
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | released | 4.0~b8+nobinonly-0ubuntu3 |
| hardy | ignored | end of life |
| karmic | DNE | |
| lucid | released | 3.6.13+build3+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 3.6.13+build3+nobinonly-0ubuntu0.10.10.1 |
| upstream | released | 3.6.13 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | released | 3.6.13+build3+nobinonly-0ubuntu0.8.04.1 |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| upstream | needs-triage | Ubuntu source uses 3.6.x |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| karmic | released | 3.6.13+build3+nobinonly-0ubuntu0.9.10.1 |
| lucid | DNE | |
| maverick | DNE | |
| upstream | needs-triage | Ubuntu source uses 3.6.x |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 2.0.11+build1+nobinonly-0ubuntu1 |
| hardy | released | 2.0.11+build1+nobinonly-0ubuntu0.8.04.1 |
| karmic | released | 2.0.11+build1+nobinonly-0ubuntu0.9.10.1 |
| lucid | released | 2.0.11+build1+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 2.0.11+build1+nobinonly-0ubuntu0.10.10.1 |
| upstream | released | 2.0.11 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 1.9.2.13+build3+nobinonly-0ubuntu1 |
| hardy | released | 1.9.2.13+build3+nobinonly-0ubuntu0.8.04.1 |
| karmic | released | 1.9.2.13+build3+nobinonly-0ubuntu0.9.10.1 |
| lucid | released | 1.9.2.13+build3+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 1.9.2.13+build3+nobinonly-0ubuntu0.10.10.1 |
| upstream | needs-triage |
Показывать по
EPSS
9.3 Critical
CVSS2
Связанные уязвимости
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules.
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules.
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird bef ...
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules.
EPSS
9.3 Critical
CVSS2