CVE-2010-0161

2010-03-2300:53:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2010-0161

nsauthsspi

unwrap function

mozilla thunderbird

seamonkey

windows vista

windows server 2008 r2

windows 7

smtp

imap

pop

denial of service

code execution

sspi

nvd

7.8 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.7%

JSON

The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via crafted data in a session that uses SSPI.

CPENameOperatorVersion
mozilla:thunderbirdmozilla thunderbirdeq1.5.0.7
mozilla:thunderbirdmozilla thunderbirdeq0.6
mozilla:thunderbirdmozilla thunderbirdeq0.7.2
mozilla:thunderbirdmozilla thunderbirdeq2.0.0.4
mozilla:thunderbirdmozilla thunderbirdeq2.0.0.6
mozilla:thunderbirdmozilla thunderbirdle2.0.0.23
mozilla:thunderbirdmozilla thunderbirdeq0.3
mozilla:thunderbirdmozilla thunderbirdeq2.0.0.21
mozilla:thunderbirdmozilla thunderbirdeq0.2
mozilla:thunderbirdmozilla thunderbirdeq1.0.7

CPE	Name	Operator	Version
mozilla:thunderbird	mozilla thunderbird	eq	1.5.0.7
mozilla:thunderbird	mozilla thunderbird	eq	0.6
mozilla:thunderbird	mozilla thunderbird	eq	0.7.2
mozilla:thunderbird	mozilla thunderbird	eq	2.0.0.4
mozilla:thunderbird	mozilla thunderbird	eq	2.0.0.6
mozilla:thunderbird	mozilla thunderbird	le	2.0.0.23
mozilla:thunderbird	mozilla thunderbird	eq	0.3
mozilla:thunderbird	mozilla thunderbird	eq	2.0.0.21
mozilla:thunderbird	mozilla thunderbird	eq	0.2
mozilla:thunderbird	mozilla thunderbird	eq	1.0.7