CVE-2010-0163Improper Synchronization in Mozilla Seamonkey

CWE-662Improper SynchronizationCWE-362Race ConditionCWE-672Operation on a Resource after Expiration or ReleaseCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
5.4%
top 9.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla SeamonkeyMozilla Thunderbird
Timeline
PublishedMar 23
Latest updateMay 2

Description

Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDmozilla/seamonkey1.1.18+28
NVDmozilla/thunderbird2.0.0.23+57

Patches

Patch: www.mozilla.orgPatch: bugzilla.mozilla.orgPatch: www.mozilla.org

🔴Vulnerability Details

2
GHSA
GHSA-c9pm-wqw2-p2v7: Mozilla Thunderbird before 22022-05-02
CVEList
CVE-2010-0163: Mozilla Thunderbird before 22010-03-22

📋Vendor Advisories

3
Red Hat
kernel: sctp: a race between ICMP protocol unreachable and connect()2010-05-06
Ubuntu
Thunderbird vulnerabilities2010-03-18
Red Hat
seamonkey/thunderbird: crash when indexing certain messages with attachments2010-03-16

💬Community

2
Bugzilla
CVE-2010-4644 Subversion: DoS (memory consumption) by processing blame or log -g requests on certain files2011-01-06
Bugzilla
CVE-2010-0163 seamonkey/thunderbird: crash when indexing certain messages with attachments2010-03-23
CVE-2010-0163 — Improper Synchronization in Mozilla | cvebase