Mozilla Firefox, Thunderbird and SeaMonkey contain a flaw related to the line-breaking implementation's handling of long strings. The issue is triggered when a context-dependent attacker uses a maliciously crafted document.write call to trigger a buffer over-read. This will allow the execution of arbitrary code.

Upgrade Firefox to version 3.5.16 or 3.6.13 or higher, Thunderbird to version 3.0.11 or 3.1.7 or higher and SeaMonkey to version 2.0.11 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• CVE ID: 2010-3769 (see also: NVD)
• Secunia Advisory ID: 42517 42518 42519 42573 42716 42818 51766
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0144.html
• Vendor Specific News/Changelog Entry: http://lists.debian.org/debian-security-announce/2010/msg00183.html
  http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html
  http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html
  http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html
  http://www.gentoo.org/security/en/glsa/glsa-201301-01.xml
  http://www.mozilla.org/security/announce/2010/mfsa2010-75.html
  https://bugzilla.mozilla.org/show_bug.cgi?id=608336 [ Auth Req'd ]

• Dirk Heinrich