CVE-2010-3768

Priority
Description
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before
3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly
validate downloadable fonts before use within an operating system's font
implementation, which allows remote attackers to execute arbitrary code via
vectors related to @font-face Cascading Style Sheets (CSS) rules.
Assigned-to
chriscoulson
Notes
jdstrandUbuntu 11.04 (Natty Narwhal) has 4.0b7. Fixes will be in 4.0b8.
Package
Upstream:released (3.6.13)
Package
Upstream:needs-triage (Ubuntu source uses 3.6.x)
Package
Upstream:needs-triage (Ubuntu source uses 3.6.x)
Package
Upstream:released (2.0.11)
Package
Upstream:needs-triage
More Information

Updated: 2019-12-05 20:55:47 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)