[USN-1020-1] Thunderbird vulnerabilities
Severity
High
CVEs
4
Thunderbird could be made to crash or run programs as your login if it opened a specially crafted file.
Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov
discovered several memory issues in the browser engine. An attacker could
exploit these to crash THunderbird or possibly run arbitrary code as the
user invoking the program. (CVE-2010-3776, CVE-2010-3777, CVE-2010-3778)
Marc Schoenefeld and Christoph Diehl discovered several problems when
handling downloadable fonts. The new OTS font sanitizing library was added
to mitigate these issues. (CVE-2010-3768)
- ID
- USN-1020-1
- Severity
- high
- Severity from
- CVE-2010-3776
- URL
- https://ubuntu.com/security/notices/USN-1020-1
- Published
-
2010-12-09T22:57:05
(13 years ago) - Modified
-
2010-12-09T22:57:05
(13 years ago) - Other Advisories
ELSA-2010-0966
FEDORA-2010-18773
FREEBSD:1D8FF4A2-0445-11E0-8E32-000F20797EDE
GLSA-201301-01
RHSA-2010:0966| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |