The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via crafted data in a session that uses SSPI.
| Version | Base score | Base severity | Vector |
|---|
| Hyperlink | Resource Type |
|---|
The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via crafted data in a session that uses SSPI.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56992 | vdb-entry x_refsource_XF |
| http://secunia.com/advisories/39001 | third-party-advisory x_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2010/0648 | vdb-entry x_refsource_VUPEN |
| http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html | vendor-advisory x_refsource_SUSE |
| https://bugzilla.mozilla.org/show_bug.cgi?id=511806 | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14159 | vdb-entry signature x_refsource_OVAL |
| http://www.securityfocus.com/bid/38831 | vdb-entry x_refsource_BID |
| http://www.mozilla.org/security/announce/2010/mfsa2010-07.html | x_refsource_CONFIRM |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56992 | vdb-entry x_refsource_XF x_transferred |
| http://secunia.com/advisories/39001 | third-party-advisory x_refsource_SECUNIA x_transferred |
| http://www.vupen.com/english/advisories/2010/0648 | vdb-entry x_refsource_VUPEN x_transferred |
| http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html | vendor-advisory x_refsource_SUSE x_transferred |
| https://bugzilla.mozilla.org/show_bug.cgi?id=511806 | x_refsource_CONFIRM x_transferred |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14159 | vdb-entry signature x_refsource_OVAL x_transferred |
| http://www.securityfocus.com/bid/38831 | vdb-entry x_refsource_BID x_transferred |
| http://www.mozilla.org/security/announce/2010/mfsa2010-07.html | x_refsource_CONFIRM x_transferred |
The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via crafted data in a session that uses SSPI.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |