Описание
The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | released | 4.0~b8+nobinonly-0ubuntu3 |
| hardy | ignored | end of life |
| karmic | DNE | |
| lucid | released | 3.6.13+build3+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 3.6.13+build3+nobinonly-0ubuntu0.10.10.1 |
| natty | released | 4.0~b8+nobinonly-0ubuntu3 |
| upstream | released | 3.6.13 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | released | 3.6.13+build3+nobinonly-0ubuntu0.8.04.1 |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| upstream | needs-triage | Ubuntu source uses 3.6.x |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| karmic | released | 3.6.13+build3+nobinonly-0ubuntu0.9.10.1 |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| upstream | needs-triage | Ubuntu source uses 3.6.x |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 2.0.11+build1+nobinonly-0ubuntu1 |
| hardy | released | 2.0.11+build1+nobinonly-0ubuntu0.8.04.1 |
| karmic | released | 2.0.11+build1+nobinonly-0ubuntu0.9.10.1 |
| lucid | released | 2.0.11+build1+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 2.0.11+build1+nobinonly-0ubuntu0.10.10.1 |
| natty | released | 2.0.11+build1+nobinonly-0ubuntu1 |
| upstream | released | 2.0.11 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 3.1.7+build3+nobinonly-0ubuntu2 |
| hardy | ignored | end of life |
| karmic | ignored | end of life |
| lucid | released | 3.1.7+build3+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 3.1.7+build3+nobinonly-0ubuntu0.10.10.1 |
| natty | released | 3.1.7+build3+nobinonly-0ubuntu2 |
| upstream | released | 3.1.7 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 1.9.2.13+build3+nobinonly-0ubuntu1 |
| hardy | released | 1.9.2.13+build3+nobinonly-0ubuntu0.8.04.1 |
| karmic | released | 1.9.2.13+build3+nobinonly-0ubuntu0.9.10.1 |
| lucid | released | 1.9.2.13+build3+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 1.9.2.13+build3+nobinonly-0ubuntu0.10.10.1 |
| natty | released | 1.9.2.13+build3+nobinonly-0ubuntu1 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
9.3 Critical
CVSS2
Связанные уязвимости
The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read.
The line-breaking implementation in Mozilla Firefox before 3.5.16 and ...
The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read.
EPSS
9.3 Critical
CVSS2