National Cyber Awareness System

Vulnerability Summary for CVE-2010-0163

Overview

Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: https://bugzilla.mozilla.org/show_bug.cgi?id=505221

Type: Patch Information

Hyperlink:https://bugzilla.mozilla.org/show_bug.cgi?id=505221

External Source: CONFIRM

Name: http://www.mozilla.org/security/announce/2010/mfsa2010-07.html

Type: Advisory; Patch Information

Hyperlink:http://www.mozilla.org/security/announce/2010/mfsa2010-07.html

External Source: XF

Name: thunderbird-messages-dos(56993)

Hyperlink:http://xforce.iss.net/xforce/xfdb/56993

External Source: VUPEN

Name: ADV-2010-1556

Hyperlink:http://www.vupen.com/english/advisories/2010/1556

External Source: VUPEN

Name: ADV-2010-0648

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2010/0648

External Source: UBUNTU

Name: USN-915-1

Hyperlink:http://www.ubuntu.com/usn/USN-915-1

External Source: BID

Name: 38831

Hyperlink:http://www.securityfocus.com/bid/38831

External Source: REDHAT

Name: RHSA-2010:0499

Hyperlink:http://www.redhat.com/support/errata/RHSA-2010-0499.html

External Source: SECUNIA

Name: 39001

Type: Advisory

Hyperlink:http://secunia.com/advisories/39001

External Source: SECUNIA

Name: 38977

Hyperlink:http://secunia.com/advisories/38977

External Source: OVAL

Name: oval:org.mitre.oval:def:14259

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14259

External Source: OVAL

Name: oval:org.mitre.oval:def:10805

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10805

External Source: SUSE

Name: SUSE-SR:2010:013

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

References to Check Content

Identifier:oval:org.mitre.oval:def:10805

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10805

Identifier:oval:org.mitre.oval:def:14259

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:14259