Buffer Over-read Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey

Buffer Over-read Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey

CVE-2010-3769 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read.

Learn more about our Cis Benchmark Audit For Mozilla Firefox.