CVE-2010-0161 — Out-of-bounds Write in Mozilla Seamonkey

CWE-3996 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

1.5%

top 18.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedMar 23

Latest updateMay 2

Description

The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via crafted data in a session that uses SSPI.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDmozilla/seamonkey1.1.18+28

▶NVDmozilla/thunderbird2.0.0.23+53

Patches

Patch: www.mozilla.org ↗Patch: www.vupen.com ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-4fc7-9mv4-pp8w: The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI↗2022-05-02

▶

CVEList

CVE-2010-0161: The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI↗2010-03-22

▶

📋Vendor Advisories

Red Hat

kernel: sys_move_pages infoleak↗2010-02-05

▶

Red Hat

kernel: tty->pgrp races↗2009-12-17

▶

Red Hat

kernel: untangle the do_mremap()↗2009-12-07

▶