Vulnerability Details : CVE-2010-0161
The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via crafted data in a session that uses SSPI.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Products affected by CVE-2010-0161
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
Exploit prediction scoring system (EPSS) score for CVE-2010-0161
1.30%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2010-0161
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2010-0161
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0161
-
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:013
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/56992
Mozilla Thunderbird and SeaMonkey Active Directory denial of service CVE-2010-0161 Vulnerability Report
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14159
Repository / Oval Repository
-
https://bugzilla.mozilla.org/show_bug.cgi?id=511806
511806 - Crash when using SSPI and joined to AD under Vista or later [@ strcat - nsImapFlagAndUidState::AddUidCustomFlagPair]Patch
-
http://www.mozilla.org/security/announce/2010/mfsa2010-07.html
Fixes for potentially exploitable crashes ported to the legacy branch — MozillaPatch;Vendor Advisory
-
http://www.vupen.com/english/advisories/2010/0648
Webmail | OVH- OVHPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/38831
Mozilla Thunderbird Multiple Denial of Service Vulnerabilities
Jump to