CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS Percentile: 96.1%

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before
3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly
validate downloadable fonts before use within an operating system’s font
implementation, which allows remote attackers to execute arbitrary code via
vectors related to @font-face Cascading Style Sheets (CSS) rules.

Author | Note |
---|---|
jdstrand | Ubuntu 11.04 (Natty Narwhal) has 4.0b7. Fixes will be in 4.0b8. |

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | firefox | < 3.6.13+build3+nobinonly-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | firefox | < 3.6.13+build3+nobinonly-0ubuntu0.10.10.1 | UNKNOWN |
ubuntu | 8.04 | noarch | firefox-3.0 | < 3.6.13+build3+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 9.10 | noarch | firefox-3.5 | < 3.6.13+build3+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
ubuntu | 8.04 | noarch | seamonkey | < 2.0.11+build1+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 9.10 | noarch | seamonkey | < 2.0.11+build1+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
ubuntu | 10.04 | noarch | seamonkey | < 2.0.11+build1+nobinonly-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | seamonkey | < 2.0.11+build1+nobinonly-0ubuntu0.10.10.1 | UNKNOWN |
ubuntu | 8.04 | noarch | xulrunner-1.9.2 | < 1.9.2.13+build3+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 9.10 | noarch | xulrunner-1.9.2 | < 1.9.2.13+build3+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |