9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
thunderbird is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html
www.mozilla.org/security/announce/2010/mfsa2010-40.html
www.redhat.com/security/updates/classification/#critical
www.securityfocus.com/archive/1/512510
www.securityfocus.com/bid/41853
www.zerodayinitiative.com/advisories/ZDI-10-131/
access.redhat.com/errata/RHSA-2010:0545
bugzilla.mozilla.org/show_bug.cgi?id=571106
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10958