CVE-2010-3769 Information

Description

The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 Thunderbird before 3.0.11 and 3.1.x before 3.1.7 and SeaMonkey before 2.0.11 on Windows does not properly handle long strings which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html http://osvdb.org/69771 http://secunia.com/advisories/42716 http://secunia.com/advisories/42818 http://www.debian.org/security/2010/dsa-2132 http://www.mandriva.com/security/advisories?name=MDVSA-2010:251 http://www.mandriva.com/security/advisories?name=MDVSA-2010:258 http://www.mozilla.org/security/announce/2010/mfsa2010-75.html http://www.securityfocus.com/bid/45345 http://www.securitytracker.com/id?1024846 http://www.securitytracker.com/id?1024848 http://www.vupen.com/english/advisories/2011/0030 https://bugzilla.mozilla.org/show_bug.cgi?id=608336 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A12342