{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<p>Mozilla Thunderbird versions  ant\u00e9rieures \u00e0 3.1.3 et 3.0.7.</p>","content":"## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s critiques ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird, permettant \u00e0 une personne malveillante d'ex\u00e9cuter du code\narbitraire \u00e0 distance, d'acc\u00e9der ind\u00fbment \u00e0 des informations sur le\nposte de l'utilisateur, de mener des attaques de type injection de code\nindirecte (XSS).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n\nLes versions 3.1.3 et 3.0.7 corrigent ces probl\u00e8mes.\n","cves":[{"name":"CVE-2010-2767","url":"https://www.cve.org/CVERecord?id=CVE-2010-2767"},{"name":"CVE-2010-3169","url":"https://www.cve.org/CVERecord?id=CVE-2010-3169"},{"name":"CVE-2010-2762","url":"https://www.cve.org/CVERecord?id=CVE-2010-2762"},{"name":"CVE-2010-2763","url":"https://www.cve.org/CVERecord?id=CVE-2010-2763"},{"name":"CVE-2010-2764","url":"https://www.cve.org/CVERecord?id=CVE-2010-2764"},{"name":"CVE-2010-2769","url":"https://www.cve.org/CVERecord?id=CVE-2010-2769"},{"name":"CVE-2010-2765","url":"https://www.cve.org/CVERecord?id=CVE-2010-2765"},{"name":"CVE-2010-3167","url":"https://www.cve.org/CVERecord?id=CVE-2010-3167"},{"name":"CVE-2010-3168","url":"https://www.cve.org/CVERecord?id=CVE-2010-3168"},{"name":"CVE-2010-3166","url":"https://www.cve.org/CVERecord?id=CVE-2010-3166"},{"name":"CVE-2010-2768","url":"https://www.cve.org/CVERecord?id=CVE-2010-2768"},{"name":"CVE-2010-2766","url":"https://www.cve.org/CVERecord?id=CVE-2010-2766"},{"name":"CVE-2010-2760","url":"https://www.cve.org/CVERecord?id=CVE-2010-2760"},{"name":"CVE-2010-2770","url":"https://www.cve.org/CVERecord?id=CVE-2010-2770"}],"links":[{"title":"Avis de s\u00e9curit\u00e9 Thunderbird branche 3.1 :","url":"http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html#thunderbird3.1.3"},{"title":"Avis de s\u00e9curit\u00e9 Thunderbird branche 3.0 :","url":"http://www.mozilla.org/security/known-vulnerabilities/thunderbird30.html#thunderbird3.0.7"}],"reference":"CERTA-2010-AVI-419","revisions":[{"description":"version initiale.","revision_date":"2010-09-08T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird permettent, entre\nautre, l'ex\u00e9cution de code arbitraire \u00e0 distance.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird","vendor_advisories":[{"published_at":null,"title":"Note de version de Thunderbird v3.1.3","url":null}]}