9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
thunderbird is vulnerable to arbitrary code execution. The vulnerability exists as an HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
www.mozilla.org/security/announce/2010/mfsa2010-34.html
www.redhat.com/security/updates/classification/#critical
access.redhat.com/errata/RHSA-2010:0545
bugzilla.mozilla.org/show_bug.cgi?id=507775
bugzilla.mozilla.org/show_bug.cgi?id=528644
bugzilla.mozilla.org/show_bug.cgi?id=529087
bugzilla.mozilla.org/show_bug.cgi?id=535926
bugzilla.mozilla.org/show_bug.cgi?id=559241
bugzilla.mozilla.org/show_bug.cgi?id=561539
bugzilla.mozilla.org/show_bug.cgi?id=564705
bugzilla.mozilla.org/show_bug.cgi?id=566136
bugzilla.mozilla.org/show_bug.cgi?id=567059
bugzilla.mozilla.org/show_bug.cgi?id=570657
bugzilla.mozilla.org/show_bug.cgi?id=574750
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11552