CVE-2010-0161

Description

The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via crafted data in a session that uses SSPI.

Related CPE's

amozillathunderbird1.5.0.7*******

amozillathunderbird0.6*******

amozillathunderbird0.7.2*******

amozillathunderbird2.0.0.4*******

amozillathunderbird2.0.0.6*******

amozillathunderbird********

amozillathunderbird0.3*******

amozillathunderbird2.0.0.21*******

amozillathunderbird0.2*******

amozillathunderbird1.0.7*******

References

https://bugzilla.mozilla.org/show_bug.cgi?id=511806

Patch

http://www.mozilla.org/security/announce/2010/mfsa2010-07.html

PatchVendor Advisory

38831

39001

Vendor Advisory

ADV-2010-0648

PatchVendor Advisory

SUSE-SR:2010:013

thunderbird-activedirectory-dos(56992)

oval:org.mitre.oval:def:14159

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:N/I:N/A:P

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

NONE

AvailabilityImpact

PARTIAL

BaseScore

4.300000190734863

Created by Yello
About Severity.io