MDVSA-2010:251-1

Package name

firefox

Date

2010-12-24

Advisory ID

MDVSA-2010:251-1

Affected versions

2010.0 x86_64 , 2010.0 i586

Problem description

Security issues were identified and fixed in firefox:

Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that
the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are
vulnerable to XSS attacks due to some characters being converted to
angle brackets when displayed by the rendering engine. Sites using
these character encodings would thus be potentially vulnerable to
script injection attacks if their script filtering code fails to
strip out these specific characters (CVE-2010-3770).

Google security researcher Michal Zalewski reported that when a
window was opened to a site resulting in a network or certificate
error page, the opening site could access the document inside the
opened window and inject arbitrary content. An attacker could use
this bug to spoof the location bar and trick a user into thinking
they were on a different site than they actually were (CVE-2010-3774).

Mozilla security researcher moz_bug_r_a4 reported that the fix for
CVE-2010-0179 could be circumvented permitting the execution of
arbitrary JavaScript with chrome privileges (CVE-2010-3773).

Security researcher regenrecht reported via TippingPoint's Zero
Day Initiative that JavaScript arrays were vulnerable to an integer
overflow vulnerability. The report demonstrated that an array could
be constructed containing a very large number of items such that when
memory was allocated to store the array items, the integer value used
to calculate the buffer size would overflow resulting in too small a
buffer being allocated. Subsequent use of the array object could then
result in data being written past the end of the buffer and causing
memory corruption (CVE-2010-3767).

Security researcher regenrecht reported via TippingPoint's Zero Day
Initiative that a nsDOMAttribute node can be modified without informing
the iterator object responsible for various DOM traversals. This
flaw could lead to a inconsistent state where the iterator points
to an object it believes is part of the DOM but actually points to
some other object. If such an object had been deleted and its memory
reclaimed by the system, then the iterator could be used to call into
attacker-controlled memory (CVE-2010-3766).

Security researcher Gregory Fleischer reported that when a Java
LiveConnect script was loaded via a data: URL which redirects via a
meta refresh, then the resulting plugin object was created with the
wrong security principal and thus received elevated privileges such
as the abilities to read local files, launch processes, and create
network connections (CVE-2010-3775).

Mozilla added the OTS font sanitizing library to prevent downloadable
fonts from exposing vulnerabilities in the underlying OS font
code. This library mitigates against several issues independently
reported by Red Hat Security Response Team member Marc Schoenefeld
and Mozilla security researcher Christoph Diehl (CVE-2010-3768).

Security researcher wushi of team509 reported that when a XUL
tree had an HTML \ element nested inside a \
element then code attempting to display content in the XUL tree would
incorrectly treat the \ element as a parent node to tree content
underneath it resulting in incorrect indexes being calculated for the
child content. These incorrect indexes were used in subsequent array
operations which resulted in writing data past the end of an allocated
buffer. An attacker could use this issue to crash a victim's browser
and run arbitrary code on their machine (CVE-2010-3772).

Security researcher echo reported that a web page could open a window
with an about:blank location and then inject an \ element
into that page which upon submission would redirect to a chrome:
document. The effect of this defect was that the original page would
wind up with a reference to a chrome-privileged object, the opened
window, which could be leveraged for privilege escalation attacks
(CVE-2010-3771).

Dirk Heinrich reported that on Windows platforms when document.write()
was called with a very long string a buffer overflow was caused in line
breaking routines attempting to process the string for display. Such
cases triggered an invalid read past the end of an array causing a
crash which an attacker could potentially use to run arbitrary code
on a victim's computer (CVE-2010-3769).

Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption
under certain circumstances, and we presume that with enough effort
at least some of these could be exploited to run arbitrary code
(CVE-2010-3776, CVE-2010-3777).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

Additionally, some packages which require so, have been rebuilt and
are being provided as updates.

Update:

A mistake was done with the MDVSA-2010:251 advisory where the actual
firefox software was NOT updated to the 3.6.13 version which in
turn lead to that some packages wasn't rebuilt against the correct
version. The secteam wishes to apologise for the misfortunate mistake
and also wishes everyone a great christmas.

Regards // Santa Claus

Updated packages

2010.0 x86_64

 0801a86f204d87ac53bcc850452c7f15  2010.0/x86_64/beagle-0.3.9-20.20mdv2010.0.x86_64.rpm
 9029e090efb718f5d95817dbca069f53  2010.0/x86_64/beagle-crawl-system-0.3.9-20.20mdv2010.0.x86_64.rpm
 e1a74dc97183345906b0b89a4bf9fe4c  2010.0/x86_64/beagle-doc-0.3.9-20.20mdv2010.0.x86_64.rpm
 8bca9cdedd9c2ef048016cdf3ae72302  2010.0/x86_64/beagle-evolution-0.3.9-20.20mdv2010.0.x86_64.rpm
 81212249295ee1d3b4ba83499dc649cc  2010.0/x86_64/beagle-gui-0.3.9-20.20mdv2010.0.x86_64.rpm
 16e2698132e44e964cd4ff2c0b838690  2010.0/x86_64/beagle-gui-qt-0.3.9-20.20mdv2010.0.x86_64.rpm
 9d33ec7d9a8a1521cae7ded408b35d2f  2010.0/x86_64/beagle-libs-0.3.9-20.20mdv2010.0.x86_64.rpm
 bcbcbaf6086158f227529a9a08fb61d9  2010.0/x86_64/firefox-3.6.13-0.1mdv2010.0.x86_64.rpm
 ef670f774cbee1372252e2565a551d58  2010.0/x86_64/firefox-devel-3.6.13-0.1mdv2010.0.x86_64.rpm
 ec3d733438ffc6d27a8b3f73c82cdc50  2010.0/x86_64/firefox-ext-beagle-0.3.9-20.20mdv2010.0.x86_64.rpm
 badaa799dec99d0cddf0fc2689e910b1  2010.0/x86_64/firefox-ext-blogrovr-1.1.804-6.15mdv2010.0.x86_64.rpm
 aa57b08ab61e003b21b0ebbcaf0f2f2a  2010.0/x86_64/firefox-ext-foxmarks-2.7.2-2.4mdv2010.0.x86_64.rpm
 83ce1041267763f61c5a251bd2ab7f75  2010.0/x86_64/firefox-ext-mozvoikko-1.0-6.15mdv2010.0.x86_64.rpm
 1af95c82dbe7b1e135ed9c12dfc6d89b  2010.0/x86_64/firefox-ext-plasmanotify-0.3.1-0.10mdv2010.0.x86_64.rpm
 feb1563b8839bbd8acd3f725bdc6eaa7  2010.0/x86_64/firefox-ext-r-kiosk-0.7.2-9.15mdv2010.0.x86_64.rpm
 7f351f40731624040530fae7a2f0ac2d  2010.0/x86_64/firefox-ext-scribefire-3.5.1-0.9mdv2010.0.x86_64.rpm
 f06f99f6304ed3024115d818e3630236  2010.0/x86_64/firefox-ext-xmarks-3.5.10-0.9mdv2010.0.x86_64.rpm
 bd1cc6232ca148ee69a65ca7ff281b28  2010.0/x86_64/firefox-theme-kfirefox-0.16-7.14mdv2010.0.x86_64.rpm
 92700df25f6cfe91592e11f41fee71f0  2010.0/x86_64/gnome-python-extras-2.25.3-10.15mdv2010.0.x86_64.rpm
 503e2372e4a1f9241f05ddd336fd3d46  2010.0/x86_64/gnome-python-gda-2.25.3-10.15mdv2010.0.x86_64.rpm
 1707e9feda489a7781338214691f7925  2010.0/x86_64/gnome-python-gda-devel-2.25.3-10.15mdv2010.0.x86_64.rpm
 b392561eb56093266212a57709c39097  2010.0/x86_64/gnome-python-gdl-2.25.3-10.15mdv2010.0.x86_64.rpm
 1ec7c05d0fdcea08cb20b4ddddca69a3  2010.0/x86_64/gnome-python-gtkhtml2-2.25.3-10.15mdv2010.0.x86_64.rpm
 9e9e435879b47b96233e6e1002d1116a  2010.0/x86_64/gnome-python-gtkmozembed-2.25.3-10.15mdv2010.0.x86_64.rpm
 0393ae8e7811a12f4e4c4f6c74795d34  2010.0/x86_64/gnome-python-gtkspell-2.25.3-10.15mdv2010.0.x86_64.rpm
 7fe419ee466d37853f6057d7280623cf  2010.0/x86_64/google-gadgets-common-0.11.2-0.10mdv2010.0.x86_64.rpm
 74046268f87f71c8a987e25a30266d25  2010.0/x86_64/google-gadgets-gtk-0.11.2-0.10mdv2010.0.x86_64.rpm
 3459e809d2cd28903ec5caa4a65d0b3c  2010.0/x86_64/google-gadgets-qt-0.11.2-0.10mdv2010.0.x86_64.rpm
 498b74099be7691a0c193089b9e82780  2010.0/x86_64/lib64ggadget1.0_0-0.11.2-0.10mdv2010.0.x86_64.rpm
 69b51c23d4043ab86e06a5d46d420d35  2010.0/x86_64/lib64ggadget-dbus1.0_0-0.11.2-0.10mdv2010.0.x86_64.rpm
 18480cd491373dea57a7677108628075  2010.0/x86_64/lib64ggadget-gtk1.0_0-0.11.2-0.10mdv2010.0.x86_64.rpm
 b43f05c0bdd2ba8c9eb0b7260853399d  2010.0/x86_64/lib64ggadget-js1.0_0-0.11.2-0.10mdv2010.0.x86_64.rpm
 d81be70624a13c64ac723c05c6268342  2010.0/x86_64/lib64ggadget-npapi1.0_0-0.11.2-0.10mdv2010.0.x86_64.rpm
 4739da14bfdd0d6cc91e76cfb5968268  2010.0/x86_64/lib64ggadget-qt1.0_0-0.11.2-0.10mdv2010.0.x86_64.rpm
 cb910134b7f99ae4ec3211091b0081ef  2010.0/x86_64/lib64ggadget-webkitjs0-0.11.2-0.10mdv2010.0.x86_64.rpm
 a442e71a3197f578935d2e117b2e70d5  2010.0/x86_64/lib64ggadget-xdg1.0_0-0.11.2-0.10mdv2010.0.x86_64.rpm
 db86be47c56ad241f977c9cdce160302  2010.0/x86_64/lib64google-gadgets-devel-0.11.2-0.10mdv2010.0.x86_64.rpm
 ccb21698ae0c0496332ffee801c9eb82  2010.0/x86_64/lib64opensc2-0.11.9-1.15mdv2010.0.x86_64.rpm
 f65e1bed5bb717d52d469087f524ed4f  2010.0/x86_64/lib64opensc-devel-0.11.9-1.15mdv2010.0.x86_64.rpm
 00a19d2e61af0fbb2fddb1dd51f8bc4b  2010.0/x86_64/mozilla-plugin-opensc-0.11.9-1.15mdv2010.0.x86_64.rpm
 15f9caade5585c278a207a3915e1c257  2010.0/x86_64/mozilla-thunderbird-beagle-0.3.9-20.20mdv2010.0.x86_64.rpm
 be7b03cddfd05cdf70f9aa2a01cd6f95  2010.0/x86_64/opensc-0.11.9-1.15mdv2010.0.x86_64.rpm
 c52546473a43cbdf345fe67d4e668baa  2010.0/x86_64/totem-2.28.5-1.12mdv2010.0.x86_64.rpm
 cf502322bd1e665e5196f79425c32bb6  2010.0/x86_64/totem-mozilla-2.28.5-1.12mdv2010.0.x86_64.rpm
 f9f119a0763df86d677b0b3f356be6a4  2010.0/x86_64/totem-nautilus-2.28.5-1.12mdv2010.0.x86_64.rpm
 5a61acd18d334e1eaba84d9ee881462a  2010.0/x86_64/yelp-2.28.0-1.17mdv2010.0.x86_64.rpm 
 b860b8386158a27341ac2416ee61f1bb  2010.0/SRPMS/beagle-0.3.9-20.20mdv2010.0.src.rpm
 10306951c9b1a637c77f84474f3ee218  2010.0/SRPMS/firefox-3.6.13-0.1mdv2010.0.src.rpm
 3aabd2042024b964a9b1e9b6c10dd05c  2010.0/SRPMS/firefox-ext-blogrovr-1.1.804-6.15mdv2010.0.src.rpm
 722c800bfc876b404a3352de99b8aeaf  2010.0/SRPMS/firefox-ext-foxmarks-2.7.2-2.4mdv2010.0.src.rpm
 928da519cfc04251e4bd1bf8f386011c  2010.0/SRPMS/firefox-ext-mozvoikko-1.0-6.15mdv2010.0.src.rpm
 6c4aab896ad56f20a3cc2ff70867449c  2010.0/SRPMS/firefox-ext-plasmanotify-0.3.1-0.10mdv2010.0.src.rpm
 11f22050799c13dfa7d52ab8206a9e05  2010.0/SRPMS/firefox-ext-r-kiosk-0.7.2-9.15mdv2010.0.src.rpm
 0b49bd2f901d7accb41af6c780e26b25  2010.0/SRPMS/firefox-ext-scribefire-3.5.1-0.9mdv2010.0.src.rpm
 c1e47f5f02230bb57542c7068640cb75  2010.0/SRPMS/firefox-ext-xmarks-3.5.10-0.9mdv2010.0.src.rpm
 23bd5d436ba96dd9da528f2411e7accd  2010.0/SRPMS/firefox-theme-kfirefox-0.16-7.14mdv2010.0.src.rpm
 b300dfa39c51ce8a30b747a9e51fd150  2010.0/SRPMS/gnome-python-extras-2.25.3-10.15mdv2010.0.src.rpm
 126d656df1bfb8987e001695d634d762  2010.0/SRPMS/google-gadgets-0.11.2-0.10mdv2010.0.src.rpm
 42340517c49c4724d757ee7ccb93ec63  2010.0/SRPMS/opensc-0.11.9-1.15mdv2010.0.src.rpm
 a148ed3b50fea7e6eefe587159d876e4  2010.0/SRPMS/totem-2.28.5-1.12mdv2010.0.src.rpm
 eef36a9147ff02e6059f194f0f99628b  2010.0/SRPMS/yelp-2.28.0-1.17mdv2010.0.src.rpm

2010.0 i586

 7362b9c9765a78f005c4b665c5ffa3b6  2010.0/i586/beagle-0.3.9-20.20mdv2010.0.i586.rpm
 1e266ec4fea5d204f940949178e43765  2010.0/i586/beagle-crawl-system-0.3.9-20.20mdv2010.0.i586.rpm
 2cefff601507db1181c68d7cc6a5fe67  2010.0/i586/beagle-doc-0.3.9-20.20mdv2010.0.i586.rpm
 ed5d062b55bdc4a08c8c2cdab948621a  2010.0/i586/beagle-evolution-0.3.9-20.20mdv2010.0.i586.rpm
 23d794739b1a79eb9a75694eacfb7010  2010.0/i586/beagle-gui-0.3.9-20.20mdv2010.0.i586.rpm
 dc0311b61ac69fbfb57abe3a4fbceebe  2010.0/i586/beagle-gui-qt-0.3.9-20.20mdv2010.0.i586.rpm
 e157d8acebfeeeecf306e32e729a76b2  2010.0/i586/beagle-libs-0.3.9-20.20mdv2010.0.i586.rpm
 4dc171016cdcd713751797783d1fa3f1  2010.0/i586/firefox-3.6.13-0.1mdv2010.0.i586.rpm
 c2927e77d370dba2175e5ecaccf35721  2010.0/i586/firefox-devel-3.6.13-0.1mdv2010.0.i586.rpm
 5dc79f2a9adb9a8d30badc40500c0ef2  2010.0/i586/firefox-ext-beagle-0.3.9-20.20mdv2010.0.i586.rpm
 a6a0920d05bdafa085f9bfeb99709584  2010.0/i586/firefox-ext-blogrovr-1.1.804-6.15mdv2010.0.i586.rpm
 843f24eb522dd9071797435556443d28  2010.0/i586/firefox-ext-foxmarks-2.7.2-2.4mdv2010.0.i586.rpm
 1313da214d5ea99f4df481a7fcd928f3  2010.0/i586/firefox-ext-mozvoikko-1.0-6.15mdv2010.0.i586.rpm
 ade481d041332878f5948f40517c01e6  2010.0/i586/firefox-ext-plasmanotify-0.3.1-0.10mdv2010.0.i586.rpm
 fb38c756d351106c9e75cb6291ea8a46  2010.0/i586/firefox-ext-r-kiosk-0.7.2-9.15mdv2010.0.i586.rpm
 b0d11d676ec6a1ff0fe5a7e2393eedef  2010.0/i586/firefox-ext-scribefire-3.5.1-0.9mdv2010.0.i586.rpm
 4d963ff7a87bb11030b6e28e4b063e65  2010.0/i586/firefox-ext-xmarks-3.5.10-0.9mdv2010.0.i586.rpm
 72c6e38a8844f558066cc3c514d5dd1f  2010.0/i586/firefox-theme-kfirefox-0.16-7.14mdv2010.0.i586.rpm
 d9640b653c7969f3e26eb94eee6ca364  2010.0/i586/gnome-python-extras-2.25.3-10.15mdv2010.0.i586.rpm
 6643878b6a7c66545d4dbd4cccfd0575  2010.0/i586/gnome-python-gda-2.25.3-10.15mdv2010.0.i586.rpm
 f53e9bdf9e3692abb8d479198d7dfd71  2010.0/i586/gnome-python-gda-devel-2.25.3-10.15mdv2010.0.i586.rpm
 b5b48946228182c83d6500b5c77de0a2  2010.0/i586/gnome-python-gdl-2.25.3-10.15mdv2010.0.i586.rpm
 58b06513c1ee76b050a5c538f1d0798e  2010.0/i586/gnome-python-gtkhtml2-2.25.3-10.15mdv2010.0.i586.rpm
 6ed7e73a085db2858650a83c4925a69a  2010.0/i586/gnome-python-gtkmozembed-2.25.3-10.15mdv2010.0.i586.rpm
 0ee2fbeb046190f2b1f1ccf569bac015  2010.0/i586/gnome-python-gtkspell-2.25.3-10.15mdv2010.0.i586.rpm
 7259052b96bd807e8a9755a0e1a95f50  2010.0/i586/google-gadgets-common-0.11.2-0.10mdv2010.0.i586.rpm
 807871d45d5b3bffb0d9fe995bc7e5c2  2010.0/i586/google-gadgets-gtk-0.11.2-0.10mdv2010.0.i586.rpm
 651a021de8269f65b86d17fdb096a104  2010.0/i586/google-gadgets-qt-0.11.2-0.10mdv2010.0.i586.rpm
 61698165914e1603ff8ac7a19f65647f  2010.0/i586/libggadget1.0_0-0.11.2-0.10mdv2010.0.i586.rpm
 d4de34cbc1fb5cc422a165d9c846cd52  2010.0/i586/libggadget-dbus1.0_0-0.11.2-0.10mdv2010.0.i586.rpm
 40d01d884275a44c317a10b3ec78e41e  2010.0/i586/libggadget-gtk1.0_0-0.11.2-0.10mdv2010.0.i586.rpm
 782c44f3cc5da470ce8f3a354e55085f  2010.0/i586/libggadget-js1.0_0-0.11.2-0.10mdv2010.0.i586.rpm
 030ce727beec59e7ace7c4831c1c6eca  2010.0/i586/libggadget-npapi1.0_0-0.11.2-0.10mdv2010.0.i586.rpm
 9643cb63dd8bb03d8b04531bc27a1f5b  2010.0/i586/libggadget-qt1.0_0-0.11.2-0.10mdv2010.0.i586.rpm
 2a231ef630da0604d31146943c960111  2010.0/i586/libggadget-webkitjs0-0.11.2-0.10mdv2010.0.i586.rpm
 cb3fb13a0fadab536587f8e1d5005ad8  2010.0/i586/libggadget-xdg1.0_0-0.11.2-0.10mdv2010.0.i586.rpm
 a2e761817c086c5012c90a7c754f532e  2010.0/i586/libgoogle-gadgets-devel-0.11.2-0.10mdv2010.0.i586.rpm
 6faf36e422103e598af415856d8ba458  2010.0/i586/libopensc2-0.11.9-1.15mdv2010.0.i586.rpm
 efe24a3cc32b55ee94c93e4684a19aef  2010.0/i586/libopensc-devel-0.11.9-1.15mdv2010.0.i586.rpm
 a7f23821bc28c7e46b07330a19a25844  2010.0/i586/mozilla-plugin-opensc-0.11.9-1.15mdv2010.0.i586.rpm
 d2298d9085709db208524850209782c8  2010.0/i586/mozilla-thunderbird-beagle-0.3.9-20.20mdv2010.0.i586.rpm
 d393fcead0795f183df5e7861367e0ef  2010.0/i586/opensc-0.11.9-1.15mdv2010.0.i586.rpm
 c733515bcac41571e388ef640bee809b  2010.0/i586/totem-2.28.5-1.12mdv2010.0.i586.rpm
 ee007e4b75baf6a29b3ccc805a5f654a  2010.0/i586/totem-mozilla-2.28.5-1.12mdv2010.0.i586.rpm
 29a8a6939986c856c8112bf45ef59dd8  2010.0/i586/totem-nautilus-2.28.5-1.12mdv2010.0.i586.rpm
 f8b80a53722077bd279e9ee81787086e  2010.0/i586/yelp-2.28.0-1.17mdv2010.0.i586.rpm 
 b860b8386158a27341ac2416ee61f1bb  2010.0/SRPMS/beagle-0.3.9-20.20mdv2010.0.src.rpm
 10306951c9b1a637c77f84474f3ee218  2010.0/SRPMS/firefox-3.6.13-0.1mdv2010.0.src.rpm
 3aabd2042024b964a9b1e9b6c10dd05c  2010.0/SRPMS/firefox-ext-blogrovr-1.1.804-6.15mdv2010.0.src.rpm
 722c800bfc876b404a3352de99b8aeaf  2010.0/SRPMS/firefox-ext-foxmarks-2.7.2-2.4mdv2010.0.src.rpm
 928da519cfc04251e4bd1bf8f386011c  2010.0/SRPMS/firefox-ext-mozvoikko-1.0-6.15mdv2010.0.src.rpm
 6c4aab896ad56f20a3cc2ff70867449c  2010.0/SRPMS/firefox-ext-plasmanotify-0.3.1-0.10mdv2010.0.src.rpm
 11f22050799c13dfa7d52ab8206a9e05  2010.0/SRPMS/firefox-ext-r-kiosk-0.7.2-9.15mdv2010.0.src.rpm
 0b49bd2f901d7accb41af6c780e26b25  2010.0/SRPMS/firefox-ext-scribefire-3.5.1-0.9mdv2010.0.src.rpm
 c1e47f5f02230bb57542c7068640cb75  2010.0/SRPMS/firefox-ext-xmarks-3.5.10-0.9mdv2010.0.src.rpm
 23bd5d436ba96dd9da528f2411e7accd  2010.0/SRPMS/firefox-theme-kfirefox-0.16-7.14mdv2010.0.src.rpm
 b300dfa39c51ce8a30b747a9e51fd150  2010.0/SRPMS/gnome-python-extras-2.25.3-10.15mdv2010.0.src.rpm
 126d656df1bfb8987e001695d634d762  2010.0/SRPMS/google-gadgets-0.11.2-0.10mdv2010.0.src.rpm
 42340517c49c4724d757ee7ccb93ec63  2010.0/SRPMS/opensc-0.11.9-1.15mdv2010.0.src.rpm
 a148ed3b50fea7e6eefe587159d876e4  2010.0/SRPMS/totem-2.28.5-1.12mdv2010.0.src.rpm
 eef36a9147ff02e6059f194f0f99628b  2010.0/SRPMS/yelp-2.28.0-1.17mdv2010.0.src.rpm

References

• http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.13
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3777
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3776
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3769
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3771
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3772
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3768
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3775
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3766
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3767
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3773
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3770
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3774